Snort Rule released on BleedingSnort for the Windows Javascript vulnerability

Published: 2005-11-21
Last Updated: 2005-11-21 21:54:22 UTC
by Mike Poor (Version: 1)
0 comment(s)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
Explorer Window() Possible Code Execution"; flow:established,from_server;
content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
reference:url,secunia.com/advisories/15546; \  reference:url,www.computerterrorism.com/research/ie/ct21-11-2005;
reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )


Download it directly from here:

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup


Please let us know about problems with this rule, and/or when you notice sites hosting/performing this exploit.

thanks!

Mike Poor
Handler on Duty
Intelguardians
Keywords:
0 comment(s)

Comments


Diary Archives