Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Snort Rule released on BleedingSnort for the Windows Javascript vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Snort Rule released on BleedingSnort for the Windows Javascript vulnerability
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
Explorer Window() Possible Code Execution"; flow:established,from_server;
content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
reference:url,secunia.com/advisories/15546; \  reference:url,www.computerterrorism.com/research/ie/ct21-11-2005;
reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )


Download it directly from here:

http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup


Please let us know about problems with this rule, and/or when you notice sites hosting/performing this exploit.

thanks!

Mike Poor
Handler on Duty
Intelguardians
Mike

49 Posts

Sign Up for Free or Log In to start participating in the conversation!