Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution Detection rules

clsid:011B3619-FE63-4814-8A84-15A194CE9CE3
clsid:0149EEDF-D08F-4142-8D73-D23903D21E90
clsid:0369B4E5-45B6-11D3-B650-00C04F79498E
clsid:0369B4E6-45B6-11D3-B650-00C04F79498E
clsid:055CB2D7-2969-45CD-914B-76890722F112
clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
clsid:15D6504A-5494-499C-886C-973C9E53B9F1
clsid:1BE49F30-0E1B-11D3-9D8E-00C04F72D980
clsid:1C15D484-911D-11D2-B632-00C04F79498E
clsid:1DF7D126-4050-47F0-A7CF-4C4CA9241333
clsid:2C63E4EB-4CEA-41B8-919C-E947EA19A77C
clsid:334125C0-77E5-11D3-B653-00C04F79498E
clsid:37B0353C-A4C8-11D2-B634-00C04F79498E
clsid:37B03543-A4C8-11D2-B634-00C04F79498E
clsid:37B03544-A4C8-11D2-B634-00C04F79498E
clsid:418008F3-CF67-4668-9628-10DC52BE1D08
clsid:4A5869CF-929D-4040-AE03-FCAFC5B9CD42
clsid:577FAA18-4518-445E-8F70-1473F8CF4BA4
clsid:59DC47A8-116C-11D3-9D8E-00C04F72D980
clsid:7F9CB14D-48E4-43B6-9346-1AEBC39C64D3
clsid:823535A0-0318-11D3-9D8E-00C04F72D980
clsid:8872FF1B-98FA-4D7A-8D93-C9F1055F85BB
clsid:8A674B4C-1F63-11D3-B64C-00C04F79498E
clsid:8A674B4D-1F63-11D3-B64C-00C04F79498E
clsid:9CD64701-BDF3-4D14-8E03-F12983D86664
clsid:9E77AAC4-35E5-42A1-BDC2-8F3FF399847C
clsid:A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980
clsid:A2E3074E-6C3D-11D3-B653-00C04F79498E
clsid:A2E30750-6C3D-11D3-B653-00C04F79498E
clsid:A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE
clsid:AD8E510D-217F-409B-8076-29C5E73B98E8
clsid:B0EDF163-910A-11D2-B632-00C04F79498E
clsid:B64016F3-C9A2-4066-96F0-BD9563314726
clsid:BB530C63-D9DF-4B49-9439-63453962E598
clsid:C531D9FD-9685-4028-8B68-6E1232079F1E
clsid:C5702CCC-9B79-11D3-B654-00C04F79498E
clsid:C5702CCD-9B79-11D3-B654-00C04F79498E
clsid:C5702CCE-9B79-11D3-B654-00C04F79498E
clsid:C5702CCF-9B79-11D3-B654-00C04F79498E
clsid:C5702CD0-9B79-11D3-B654-00C04F79498E
clsid:C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7
clsid:CAAFDD83-CEFC-4E3D-BA03-175F17A24F91
clsid:D02AAC50-027E-11D3-9D8E-00C04F72D980
clsid:F9769A06-7ACA-4E39-9CFB-97BB35F0E77E
clsid:FA7C375B-66A7-4280-879D-FD459C84BB02

 

Vulnerable in Microsoft Video ActiveX 를 가지는 CLSID는 위와 같다.

 

각각을 패턴으로 넣는다.

alert any 80 -> any any (flow:to_client,established;

content:”clsid”; nocase; content:”D02AAC50-027E-11D3-9D8E-00C04F72D980″; nocase; distance:0;

pcre:”/\x3d\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*D02AAC50-027E-11D3-9D8E-00C04F72D980/si”;)

 

이런식으로 넣되 clsid만 바꾸어 시그니처를 생성하면된다.

Advertisements

About this entry