ET ACTIVEX Possible Acer LunchApp Arbitrary Code Exucution Attempt

SID: 2009868Rev: 110 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationattempted-user

alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Possible Acer LunchApp Arbitrary Code Exucution Attempt"; flow:established,from_server; content:"3895DD35-7573-11D2-8FED-00606730D3AA"; nocase; content:"RUN"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*3895DD35-7573-11D2-8FED-00606730D3AA/si"; reference:url,securitytracker.com/alerts/2009/Aug/1022752.html; reference:url,www.kb.cert.org/vuls/id/485961; reference:url,www.securityfocus.com/bid/21207/info; classtype:attempted-user; sid:2009868; rev:11; metadata:created_at 2010_07_30, confidence Medium, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	securitytracker.com/alerts/2009/Aug/1022752.html
url	www.kb.cert.org/vuls/id/485961
url	www.securityfocus.com/bid/21207/info

Metadata

created at2010_07_30

confidenceMedium

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!