alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED MS10-090 IE CSS Exploit Metasploit POC Specific Unicoded"; flow:to_client,established; content:"|40 00 69 00 6d 00 70 00 6f 00 72 00 74 00|"; content:"|40 00 69 00 6d 00 70 00 6f 00 72 00 74 00|"; distance:0; content:"|40 00 69 00 6d 00 70 00 6f 00 72 00 74 00|"; distance:0; pcre:"/@\x00i\x00m\x00p\x00o\x00r\x00t\x00\x20.{4,20}[^\x00\w\s.]/sG"; reference:cve,CVE-2010-3971; reference:url,breakingpointsystems.com/community/blog/ie-vulnerability/; reference:bid,45246; classtype:attempted-admin; sid:2012149; rev:6; metadata:affected_product Web_Browsers, affected_product Any, affected_product Web_Browser_Plugins, attack_target Client_and_Server, created_at 2011_01_05, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Web_Client_Attacks, tag Metasploit, updated_at 2019_07_26;)