Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access"; flow:established,to_client; file_data; content:"ScriptBridge.ScriptBridge"; content:"|00|h|00|t|00|t|00|p|00 3a 00 2f 00 2f 00|"; content:"|2f 00|v|00|w|00|.|00|p|00|h|00|p|00|?|00|i|00|="; distance:0; fast_pattern; reference:url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx; classtype:attempted-user; sid:2017006; rev:6; metadata:created_at 2013_06_12, signature_severity Unknown, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_15;)