[Emerging-Sigs] Microsoft DirectX 9 Video Mixer Renderer(msvidctl.dll) ActiveX Multiple Remote Vulnerabilities

dave richards dave.richards0319 at gmail.com
Fri Oct 1 06:28:51 EDT 2010


Hi Matt,

Please find the signature for Microsoft DirectX 9 Video Mixer
Renderer(msvidctl.dll) ActiveX Multiple Remote Vulnerabilities

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS
Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution
Attempt"; flow:to_client,established; content:"<OBJECT "; nocase;
content:"classid"; nocase; distance:0; content:"CLSID"; nocase;
distance:0; content:"24DC3975-09BF-4231-8655-3EE71F43837D"; nocase;
distance:0; content:".CustomCompositorClass"; nocase;
pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*24DC3975-09BF-4231-8655-3EE71F43837D/si";
classtype:web-application-attack;
reference:url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt;
sid:20111025; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS
Microsoft DirectX 9 ActiveX Control Format String Function Call";
flow:to_client,established; content:"ActiveXObject"; nocase;
content:"MSVidCtlLib.MSVidVMR9"; nocase; distance:0;
content:".CustomCompositorClass"; nocase; classtype:attempted-user;
reference:url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt;
sid:20111026; rev:1;)

Looking forward for your comments if any,
-- 
Regards,
Dave


More information about the Emerging-sigs mailing list