ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt
Sourceet/open
Fileemerging-activex.rules
CreatedSeptember 28, 2010
UpdatedApril 9, 2024
Classificationattempted-user
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt"; flow:established,to_client ; file.data; content:"clsid"; nocase; content:"02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"; fast_pattern; nocase; distance:0; content:"_Marshaled_pUnk"; nocase; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*02BF25D5-8C17-4B23-BC80-D3488ABDDC6B/si"; reference:url,www.exploit-db.com/exploits/14843/ ; classtype:attempted-user; sid:2011412; rev:4; metadata:created_at 2010_09_28, confidence Medium, signature_severity Major, updated_at 2024_04_09;)
References
Metadata
created at2010_09_28
confidenceMedium
signature severityMajor
updated at2024_04_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!