Rule History

SID: 2012621 • Source: et/open

Versions (5)

Version DetailsCurrent

Rev: 4 • Apr 1, 2011, 12:00 PM

Message:

ET EXPLOIT Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit"; flow:established,from_server; content:"|0D 0A 0D 0A D0 CF 11 E0 A1 B1 1A E1|"; content:"SWF"; fast_pattern:only; reference:url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html; reference:url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html; reference:bid,46860; reference:cve,2011-0609; classtype:attempted-user; sid:2012621; rev:4; metadata:created_at 2011_04_01, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

Created:

Apr 1, 2011, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 2, 2025, 10:34 PM

Filename:

rules/emerging-exploit.rules