Microsoft Office Web Components ActiveX Control ‘msDataSourceObject’ Code Execution Vulnerability Detection Rule

 

CVE-2009-1136

BID:35642

 

를 참조한다.

 

0002E559-0000-0000-C000-000000000046

0002E541-0000-0000-C000-000000000046

 

CLSID는 위와 같다.

취약점이 있는 CLSID를 참조하는 ActiveX를 찾는다.

 

alert tcp any $HTTP_PORT -> any any (content:”clsid”; nocase; content:”0002E541-0000-0000-C000-000000000046″ nocase; distance:0;)

alert tcp any $HTTP_PORT -> any any (content:”clsid”; nocase; content:”0002E541-0000-0000-C000-000000000046″ nocase; distance:0;)

Advertisements

About this entry