Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access"; flow:established,from_client; http.uri; content:"/vw.php?i="; fast_pattern; pcre:"/\/vw\.php\?i=[a-fA-F0-9]+?\-[a-fA-F0-9]+?$/"; reference:url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx; classtype:attempted-user; sid:2017007; rev:9; metadata:created_at 2013_06_12, signature_severity Unknown, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_07_13;)