ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt

SID: 2011412Rev: 20 viewsHistory

Sourceet/open

CreatedSeptember 28, 2010

UpdatedJuly 26, 2019

Classificationattempted-user

alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt"; flow:established,from_server; content:"clsid"; nocase; content:"02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"; nocase; distance:0; content:"_Marshaled_pUnk"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*02BF25D5-8C17-4B23-BC80-D3488ABDDC6B/si"; reference:url,www.exploit-db.com/exploits/14843/; classtype:attempted-user; sid:2011412; rev:2; metadata:created_at 2010_09_28, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

url	www.exploit-db.com/exploits/14843/

Metadata

created at2010_09_28

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!