Rule History

SID: 2010799 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 7 • Jul 30, 2010, 12:00 PM

Message:

ET WEB_CLIENT Possible Internet Explorer srcElement Memory Corruption Attempt

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Internet Explorer srcElement Memory Corruption Attempt"; flow:established,to_client; content:"document.createEventObject"; nocase; content:".innerHTML"; within:100; nocase; content:"window.setInterval"; distance:0; nocase; content:"srcElement"; fast_pattern; nocase; distance:0; reference:url,www.microsoft.com/technet/security/bulletin/ms10-002.mspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=19726; reference:url,www.kb.cert.org/vuls/id/492515; reference:cve,2010-0249; classtype:attempted-user; sid:2010799; rev:7; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2010_0249, deployment Perimeter, deprecation_reason Performance, performance_impact Significant, confidence Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_10;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

Apr 10, 2024, 12:00 PM

DB Created:

Jul 30, 2010, 12:00 PM

DB Updated:

Sep 13, 2024, 3:01 PM

Filename:

rules/emerging-web_client.rules