[Emerging-Sigs] Signature for Softek Barcode Reader ActiveX Control Multiple Vulnerabilities

dave richards dave.richards0319 at gmail.com
Thu Oct 28 08:14:41 EDT 2010


Hi Matt,

Please find the signature for the following,

Softek Barcode Reader Toolkit ActiveX Control Buffer Overflow Attempt

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS Softek Barcode Reader Toolkit ActiveX Control Buffer Overflow Attempt"; flow:to_client,established; content:"<OBJECT "; nocase; content:"classid"; nocase; distance:0; content:"CLSID"; nocase; distance:0; content:"11E7DA45-B56D-4078-89F6-D3D651EC4CD6"; nocase; distance:0; content:".DebugTraceFile"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*11E7DA45-B56D-4078-89F6-D3D651EC4CD6/si"; classtype:web-application-attack; reference:url,exploit-db.com/exploits/15071; sid:20101091; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS Softek Barcode Reader Toolkit ActiveX Control Format String Function Call"; flow:to_client,established; content:"ActiveXObject"; nocase; content:"SoftekATL.CBarcode"; nocase; distance:0; content:".DebugTraceFile"; nocase; classtype:attempted-user; reference:url,exploit-db.com/exploits/15071/; sid:20101092; rev:1;)
-- 
Regards,
Dave
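
Added example, not part of the original post or of the Emerging Threats rule set: a small Python harness that models the content chains and the pcre of the two signatures above and runs them over constructed sample pages, as a quick true/false-positive check before loading the rules into a sensor. The matcher is a simplified stand-in for the Snort engine (it ignores flow and ports), and all sample pages and helper names are assumptions made for this illustration.

```python
import re

CLSID = "11E7DA45-B56D-4078-89F6-D3D651EC4CD6"
# pcre from sid:20101091; the /si flags map to re.S | re.I
OBJECT_PCRE = re.compile(
    r"<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*" + CLSID,
    re.S | re.I)

# (pattern, relative): relative=True models "distance:0", i.e. the search
# starts where the previous content match ended; every content is nocase.
RULE_1091 = [("<OBJECT ", False), ("classid", True), ("CLSID", True),
             (CLSID, True), (".DebugTraceFile", False)]
RULE_1092 = [("ActiveXObject", False), ("SoftekATL.CBarcode", True),
             (".DebugTraceFile", False)]

def contents_match(payload, contents):
    """Simplified model of the content chain (no flow or port checks)."""
    data, cursor = payload.lower(), 0
    for pattern, relative in contents:
        pos = data.find(pattern.lower(), cursor if relative else 0)
        if pos < 0:
            return False
        cursor = pos + len(pattern)
    return True

def rule_1091_fires(payload):
    return contents_match(payload, RULE_1091) and bool(OBJECT_PCRE.search(payload))

def rule_1092_fires(payload):
    return contents_match(payload, RULE_1092)

# Constructed sample pages; the property is set to a harmless short string.
USE = '<script>bc.DebugTraceFile = "t.log";</script>'
SAMPLES = {
    "quoted_braced": '<object id="bc" classid="clsid:{%s}"></object>%s' % (CLSID.lower(), USE),
    "unquoted": "<OBJECT classid=clsid:%s id=bc></OBJECT>%s" % (CLSID, USE),
    "tab_after_tag": "<object\tid=bc classid='clsid:%s'></object>%s" % (CLSID, USE),
    "other_clsid": '<object id="bc" classid="clsid:00000000-0000-0000-0000-000000000000"></object>' + USE,
    "no_property": '<object id="bc" classid="clsid:%s"></object>' % CLSID,
    "script_progid": '<script>var bc = new ActiveXObject("SoftekATL.CBarcode");'
                     'bc.DebugTraceFile = "t.log";</script>',
}

def verdicts():
    return {name: (rule_1091_fires(p), rule_1092_fires(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (r1, r2) in verdicts().items():
        print(f"{name:14} sid:20101091={r1!s:5} sid:20101092={r2}")
```

The "tab_after_tag" sample satisfies the pcre but not content:"<OBJECT ", which requires a literal space, so sid:20101091 stays silent on it; the content match is the stricter of the two checks.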