Versions (2)
Version DetailsCurrent
Rev: 8 • Jul 30, 2010, 12:00 PMET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt"; flow:established,to_client; content:"333C7BC4-460F-11D0-BC04-0080C7055A83"; nocase; content:"DataURL"; nocase; distance:0; content:"value=|22|"; nocase; distance:0; isdataat:100,relative; content:!"|0A|"; within:100; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*333C7BC4-460F-11D0-BC04-0080C7055A83/si"; reference:url,securitytracker.com/alerts/2010/Mar/1023773.html; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=20202; reference:url,www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb; reference:url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx; reference:url,www.vupen.com/english/advisories/2010/0744; reference:url,www.kb.cert.org/vuls/id/744549; reference:cve,2010-0805; classtype:attempted-user; sid:2011007; rev:8; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2010_0805, deployment Perimeter, confidence Medium, signature_severity Major, tag ActiveX, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Jul 30, 2010, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-activex.rules