alert tcp $EXTERNAL_NET $HTTP_PORTS -&gt; $HOME_NET any (msg:&quot;ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt&quot;; flow:established,to_client; content:&quot;67DABFBF-D0AB-41fa-9C46-CC0F21721616&quot;; nocase; content:&quot;file|3A 2F 2F|&quot;; nocase; distance:0; isdataat:200,relative; content:!&quot;|0A|&quot;; within:200; pcre:&quot;/&lt;OBJECT\s+[^&gt;]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*67DABFBF-D0AB-41fa-9C46-CC0F21721616/smi&quot;; classtype:attempted-user; reference:url,<a href="http://dl.packetstormsecurity.net/1109-advisories/sa45550.txt">http://dl.packetstormsecurity.net/1109-advisories/sa45550.txt</a>; sid:1234001; rev:1;)<br>
<br>Regards, Kev<br>