Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Snort Rule released on BleedingSnort for the Windows Javascript vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Snort Rule released on BleedingSnort for the Windows Javascript vulnerability
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
Explorer Window() Possible Code Execution"; flow:established,from_server;
content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
reference:url,secunia.com/advisories/15546; \  reference:url,www.computerterrorism.com/research/ie/ct21-11-2005;
reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )


Download it directly from here:

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup


Please let us know about problems with this rule, and/or when you notice sites hosting/performing this exploit.

thanks!

Mike Poor
Handler on Duty
Intelguardians
Mike

49 Posts

Sign Up for Free or Log In to start participating in the conversation!