Rule History

alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX EasyMail Objects emmailstore.dll ActiveX Control Remote Buffer Overflow"; flow:to_client,established; content:"5B8BE023-76A2-4F6D-8993-F7E588D79D98"; nocase; content:"0x400000"; nocase; content:"CreateStore"; nocase; reference:bugtraq,32722; reference:url,milw0rm.com/exploits/7402; classtype:web-application-attack; sid:2008963; rev:9; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2010_07_30, deployment Perimeter, confidence High, signature_severity Major, tag ActiveX, updated_at 2019_07_26;)