Versions (4)
Version DetailsCurrent
Rev: 5 • Jul 30, 2010, 12:00 PMET EXPLOIT Computer Associates Brightstor ARCServe Backup Mediasvr.exe Remote Exploit
alert tcp $EXTERNAL_NET any -> $HOME_NET 1024:65535 (msg:"ET EXPLOIT Computer Associates Brightstor ARCServe Backup Mediasvr.exe Remote Exploit"; flow:established,to_server; content:"|00 06 09 7e|"; offset:16; depth:4; content:"|00 00 00 bf 00 00 00 00 00 00 00 00|"; distance:4; within:12; reference:url,www.milw0rm.com/exploits/3604; classtype:attempted-admin; sid:2003518; rev:5; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 12, 2025, 10:34 PM
rules/emerging-exploit.rules