[Emerging-Sigs] Microsoft DirectX 9 Video Mixer Renderer(msvidctl.dll) ActiveX Multiple Remote Vulnerabilities

Matthew Jonkman jonkman at emergingthreatspro.com
Fri Oct 1 17:08:18 EDT 2010


Posting, thanks Dave!

Matt


On Oct 1, 2010, at 6:28 AM, dave richards wrote:

> Hi Matt,
> 
> Please find the signature for Microsoft DirectX 9 Video Mixer
> Renderer (msvidctl.dll) ActiveX Multiple Remote Vulnerabilities
> 
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS
> Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution
> Attempt"; flow:to_client,established; content:"<OBJECT "; nocase;
> content:"classid"; nocase; distance:0; content:"CLSID"; nocase;
> distance:0; content:"24DC3975-09BF-4231-8655-3EE71F43837D"; nocase;
> distance:0; content:".CustomCompositorClass"; nocase;
> pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*24DC3975-09BF-4231-8655-3EE71F43837D/si";
> classtype:web-application-attack;
> reference:url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt;
> sid:20111025; rev:1;)
> 
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS
> Microsoft DirectX 9 ActiveX Control Format String Function Call";
> flow:to_client,established; content:"ActiveXObject"; nocase;
> content:"MSVidCtlLib.MSVidVMR9"; nocase; distance:0;
> content:".CustomCompositorClass"; nocase; classtype:attempted-user;
> reference:url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt;
> sid:20111026; rev:1;)
> 
> Looking forward to your comments, if any,
> -- 
> Regards,
> Dave
> 


----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
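
Added example, not part of the original posts and not Emerging Threats code: a small Python harness that approximates the `content` / `distance:0` / `pcre` logic of the two submitted rules so they can be regression-tested against HTML samples. The dictionary layout, the `rule_matches` name and the sample pages are assumptions constructed for illustration; it models only the options these two rules use, not the Snort engine (no flow tracking, ports or stream reassembly).

```python
import re

CLSID = "24DC3975-09BF-4231-8655-3EE71F43837D"  # from the posted rule

# Each content is (pattern, relative). relative=True models "distance:0":
# the search resumes after the previous match. All contents are nocase.
RULE_20111025 = {
    "contents": [("<OBJECT ", False), ("classid", True), ("CLSID", True),
                 (CLSID, True), (".CustomCompositorClass", False)],
    "pcre": re.compile(
        r"<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*"
        + CLSID, re.I | re.S),  # /si flags in the rule
}
RULE_20111026 = {
    "contents": [("ActiveXObject", False), ("MSVidCtlLib.MSVidVMR9", True),
                 (".CustomCompositorClass", False)],
    "pcre": None,
}

def rule_matches(rule, payload):
    """True if every content matches in order and the pcre (if any) matches."""
    lowered = payload.lower()
    cursor = 0  # end offset of the previous content match
    for pattern, relative in rule["contents"]:
        pos = lowered.find(pattern.lower(), cursor if relative else 0)
        if pos < 0:
            return False
        cursor = pos + len(pattern)
    return rule["pcre"] is None or rule["pcre"].search(payload) is not None

# Constructed sample pages (benign placeholders, not captured traffic).
SAMPLES = {
    "object_tag": '<html><object classid="clsid:' + CLSID + '" id="vmr">'
                  '</object><script>vmr.CustomCompositorClass = "placeholder";'
                  '</script></html>',
    "script_new": '<script>var v = new ActiveXObject("MSVidCtlLib.MSVidVMR9");'
                  ' v.CustomCompositorClass = "placeholder";</script>',
    "other_clsid": '<object classid="clsid:00000000-0000-0000-0000-000000000000"'
                   ' id="x"></object><script>x.CustomCompositorClass = "p";</script>',
    "no_property": '<object classid="clsid:' + CLSID + '" id="vmr"></object>',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, rule_matches(RULE_20111025, page),
              rule_matches(RULE_20111026, page))
```

The `other_clsid` and `no_property` samples are the negative cases: a page must carry both the control reference and the `.CustomCompositorClass` string before either rule fires.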




