ET DELETED Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt

SID: 2011270Rev: 40 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationattempted-user
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt"; flow:established,to_client; content:"<lp2|3A|executable>T</lp2|3A|executable>"; nocase; content:"<D|3A|lockscope><D|3A|exclusive/></D|3A|lockscope>"; nocase; distance:0; content:"</D|3A|lockentry>"; nocase; distance:0; content:"<D|3A|lockscope><D|3A|shared/></D|3A|lockscope>"; nocase; distance:0; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=20918; reference:url,www.kb.cert.org/vuls/id/940193; reference:url,www.microsoft.com/technet/security/advisory/2286198.mspx; reference:cve,2010-2568; classtype:attempted-user; sid:2011270; rev:4; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_07_26;)

References

urltools.cisco.com/security/center/viewAlert.x?alertId=20918
urlwww.kb.cert.org/vuls/id/940193
urlwww.microsoft.com/technet/security/advisory/2286198.mspx
cve2010-2568

Metadata

created at2010_07_30
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!