[Emerging-Sigs] SIG: ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt

Kevin Ross kevross33 at googlemail.com
Thu Oct 6 15:37:29 EDT 2011


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt"; flow:established,to_client; content:"67DABFBF-D0AB-41fa-9C46-CC0F21721616"; nocase; content:"file|3A 2F 2F|"; nocase; distance:0; isdataat:200,relative; content:!"|0A|"; within:200; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*67DABFBF-D0AB-41fa-9C46-CC0F21721616/smi"; classtype:attempted-user; reference:url,dl.packetstormsecurity.net/1109-advisories/sa45550.txt; sid:1234001; rev:1;)

Regards, Kev
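
Added example, not part of the original post: a small Python harness that approximates the rule's payload options (the two content matches, isdataat, the negated newline match and the pcre) so the logic can be checked against sample HTML before deployment. The function names and sample payloads are constructed for illustration, flow and HTTP preprocessing are not modelled, and the isdataat boundary is an approximation of Snort's behaviour.

```python
import re

CLSID = b"67DABFBF-D0AB-41fa-9C46-CC0F21721616"
# Same expression as the rule's pcre option; /smi -> DOTALL, MULTILINE, IGNORECASE.
OBJECT_RE = re.compile(
    rb"<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*" + CLSID,
    re.S | re.M | re.I,
)
SCHEME = b"file://"  # content:"file|3A 2F 2F|"


def rule_matches(payload: bytes) -> bool:
    """Approximate the rule's payload options on one server-to-client buffer."""
    low = payload.lower()  # nocase applies to both content matches
    first = low.find(CLSID.lower())
    if first == -1:
        return False
    # distance:0 -> "file://" must start at or after the end of the CLSID match
    cursor = low.find(SCHEME, first + len(CLSID))
    while cursor != -1:
        start = cursor + len(SCHEME)
        window = payload[start:start + 200]
        # isdataat:200,relative -> data still present 200 bytes on;
        # content:!"|0A|"; within:200 -> no newline in those 200 bytes
        if len(payload) > start + 200 and b"\n" not in window:
            return OBJECT_RE.search(payload) is not None  # pcre is not relative
        cursor = low.find(SCHEME, start)  # retry with the next "file://"
    return False


# Constructed sample payloads (not captured traffic).
TAG = b'<object classid="clsid:67DABFBF-D0AB-41fa-9C46-CC0F21721616"></object>\n'
SAMPLES = {
    "long_url": TAG + b"file://" + b"A" * 300,
    "long_url_mixed_case": TAG.upper() + b"FILE://" + b"A" * 300,
    "short_url": TAG + b"file:///C:/clips/demo.divx\n" + b"x" * 300,
    "no_object": b"<p>file://" + b"A" * 300 + b"</p>",
}


def run_samples() -> dict:
    return {name: rule_matches(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in run_samples().items():
        print(f"{name:22} {'ALERT' if hit else 'no alert'}")
```

The short_url sample is the false-positive check: a page that embeds the control with an ordinary local file URL ends the URL well inside the 200-byte window, so the negated newline match keeps the rule quiet.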