MSVidCtl 0-day rule

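# MSVidCtl / Microsoft Video ActiveX control - CLSID access rules (29)-(44),
# sids 2009598-2009613. Reference: Microsoft Security Advisory 972890.
#
# Each rule alerts on an established server-to-client stream from $HTTP_PORTS
# that carries the string "clsid" followed (distance:0) by one of the CLSIDs
# below; the pcre then confirms the CLSID sits in an <OBJECT ... classid=...>
# attribute, with optional quotes and an optional opening brace (\x7B).
#
# Repairs relative to the text as rendered on the page:
#  - Typographic quotes (and the double-prime that replaced the closing quote
#    after a digit) are restored to plain ASCII double quotes; the rules do not
#    parse otherwise.
#  - The head of every pcre was swallowed by the page's HTML rendering (it showed
#    as "/]*classid"). It is restored to "<OBJECT\s+[^>]*", the usual form of
#    these ActiveX rules. NOTE(review): confirm against the published rule for
#    each sid before deploying.
#  - Rule (29): the pcre carried the CLSID of rule (28), A2E30750-..., instead of
#    the A8DCF3D5-... CLSID in its own content match, so a page referencing only
#    A8DCF3D5-... would not alert. The pcre now matches the content CLSID.
#
# Coverage note: these are literal matches on the cleartext response payload.
# A classid that is assembled at runtime in script, or a response the sensor
# does not see in cleartext, will not trigger. Use them alongside the kill bits
# from the advisory, not in place of them.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (29)"; flow:to_client,established; content:"clsid"; nocase; content:"A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009598; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (30)"; flow:to_client,established; content:"clsid"; nocase; content:"AD8E510D-217F-409B-8076-29C5E73B98E8"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*AD8E510D-217F-409B-8076-29C5E73B98E8/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009599; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (31)"; flow:to_client,established; content:"clsid"; nocase; content:"B0EDF163-910A-11D2-B632-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*B0EDF163-910A-11D2-B632-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009600; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (32)"; flow:to_client,established; content:"clsid"; nocase; content:"B64016F3-C9A2-4066-96F0-BD9563314726"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*B64016F3-C9A2-4066-96F0-BD9563314726/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009601; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (33)"; flow:to_client,established; content:"clsid"; nocase; content:"BB530C63-D9DF-4B49-9439-63453962E598"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*BB530C63-D9DF-4B49-9439-63453962E598/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009602; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (34)"; flow:to_client,established; content:"clsid"; nocase; content:"C531D9FD-9685-4028-8B68-6E1232079F1E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C531D9FD-9685-4028-8B68-6E1232079F1E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009603; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (35)"; flow:to_client,established; content:"clsid"; nocase; content:"C5702CCC-9B79-11D3-B654-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C5702CCC-9B79-11D3-B654-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009604; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (36)"; flow:to_client,established; content:"clsid"; nocase; content:"C5702CCD-9B79-11D3-B654-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C5702CCD-9B79-11D3-B654-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009605; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (37)"; flow:to_client,established; content:"clsid"; nocase; content:"C5702CCE-9B79-11D3-B654-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C5702CCE-9B79-11D3-B654-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009606; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (38)"; flow:to_client,established; content:"clsid"; nocase; content:"C5702CCF-9B79-11D3-B654-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C5702CCF-9B79-11D3-B654-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009607; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (39)"; flow:to_client,established; content:"clsid"; nocase; content:"C5702CD0-9B79-11D3-B654-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C5702CD0-9B79-11D3-B654-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009608; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (40)"; flow:to_client,established; content:"clsid"; nocase; content:"C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009609; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (41)"; flow:to_client,established; content:"clsid"; nocase; content:"CAAFDD83-CEFC-4E3D-BA03-175F17A24F91"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*CAAFDD83-CEFC-4E3D-BA03-175F17A24F91/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009610; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (42)"; flow:to_client,established; content:"clsid"; nocase; content:"D02AAC50-027E-11D3-9D8E-00C04F72D980"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*D02AAC50-027E-11D3-9D8E-00C04F72D980/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009611; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (43)"; flow:to_client,established; content:"clsid"; nocase; content:"F9769A06-7ACA-4E39-9CFB-97BB35F0E77E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*F9769A06-7ACA-4E39-9CFB-97BB35F0E77E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009612; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (44)"; flow:to_client,established; content:"clsid"; nocase; content:"FA7C375B-66A7-4280-879D-FD459C84BB02"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*FA7C375B-66A7-4280-879D-FD459C84BB02/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009613; rev:1;)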
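# MSVidCtl / Microsoft Video ActiveX control - CLSID access rules (1)-(28),
# sids 2009614-2009642. Reference: Microsoft Security Advisory 972890.
#
# Each rule alerts on an established server-to-client stream from $HTTP_PORTS
# that carries the string "clsid" followed (distance:0) by one of the CLSIDs
# below; the pcre then confirms the CLSID sits in an <OBJECT ... classid=...>
# attribute, with optional quotes and an optional opening brace (\x7B).
#
# Repairs relative to the text as rendered on the page:
#  - Typographic quotes (and the double-prime that replaced the closing quote
#    after a digit) are restored to plain ASCII double quotes; the rules do not
#    parse otherwise.
#  - The head of every pcre was swallowed by the page's HTML rendering (it showed
#    as "/]*classid"). It is restored to "<OBJECT\s+[^>]*", the usual form of
#    these ActiveX rules. NOTE(review): confirm against the published rule for
#    each sid before deploying.
#  - Rule (2): the page printed sid:200615, one digit short. The neighbouring
#    rules are 2009614 and 2009616, so it is corrected to 2009615.
#    NOTE(review): confirm against the published rule set.
#  - sid 2009637 does not appear on the page (rule (23) is 2009636 and rule (24)
#    is 2009638); the numbering is kept as published.
#
# Coverage note: these are literal matches on the cleartext response payload.
# A classid that is assembled at runtime in script, or a response the sensor
# does not see in cleartext, will not trigger. Use them alongside the kill bits
# from the advisory, not in place of them.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (1)"; flow:to_client,established; content:"clsid"; nocase; content:"011B3619-FE63-4814-8A84-15A194CE9CE3"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*011B3619-FE63-4814-8A84-15A194CE9CE3/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009614; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (2)"; flow:to_client,established; content:"clsid"; nocase; content:"0149EEDF-D08F-4142-8D73-D23903D21E90"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*0149EEDF-D08F-4142-8D73-D23903D21E90/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009615; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (3)"; flow:to_client,established; content:"clsid"; nocase; content:"0369B4E5-45B6-11D3-B650-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*0369B4E5-45B6-11D3-B650-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009616; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (4)"; flow:to_client,established; content:"clsid"; nocase; content:"0369B4E6-45B6-11D3-B650-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*0369B4E6-45B6-11D3-B650-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009617; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (5)"; flow:to_client,established; content:"clsid"; nocase; content:"055CB2D7-2969-45CD-914B-76890722F112"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*055CB2D7-2969-45CD-914B-76890722F112/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009618; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (6)"; flow:to_client,established; content:"clsid"; nocase; content:"15D6504A-5494-499C-886C-973C9E53B9F1"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*15D6504A-5494-499C-886C-973C9E53B9F1/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009619; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (7)"; flow:to_client,established; content:"clsid"; nocase; content:"1BE49F30-0E1B-11D3-9D8E-00C04F72D980"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*1BE49F30-0E1B-11D3-9D8E-00C04F72D980/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009620; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (8)"; flow:to_client,established; content:"clsid"; nocase; content:"1C15D484-911D-11D2-B632-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*1C15D484-911D-11D2-B632-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009621; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (9)"; flow:to_client,established; content:"clsid"; nocase; content:"1DF7D126-4050-47F0-A7CF-4C4CA9241333"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*1DF7D126-4050-47F0-A7CF-4C4CA9241333/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009622; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (10)"; flow:to_client,established; content:"clsid"; nocase; content:"2C63E4EB-4CEA-41B8-919C-E947EA19A77C"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*2C63E4EB-4CEA-41B8-919C-E947EA19A77C/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009623; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (11)"; flow:to_client,established; content:"clsid"; nocase; content:"334125C0-77E5-11D3-B653-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*334125C0-77E5-11D3-B653-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009624; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (12)"; flow:to_client,established; content:"clsid"; nocase; content:"37B0353C-A4C8-11D2-B634-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*37B0353C-A4C8-11D2-B634-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009625; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (13)"; flow:to_client,established; content:"clsid"; nocase; content:"37B03543-A4C8-11D2-B634-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*37B03543-A4C8-11D2-B634-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009626; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (14)"; flow:to_client,established; content:"clsid"; nocase; content:"37B03544-A4C8-11D2-B634-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*37B03544-A4C8-11D2-B634-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009627; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (15)"; flow:to_client,established; content:"clsid"; nocase; content:"418008F3-CF67-4668-9628-10DC52BE1D08"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*418008F3-CF67-4668-9628-10DC52BE1D08/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009628; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (16)"; flow:to_client,established; content:"clsid"; nocase; content:"4A5869CF-929D-4040-AE03-FCAFC5B9CD42"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*4A5869CF-929D-4040-AE03-FCAFC5B9CD42/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009629; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (17)"; flow:to_client,established; content:"clsid"; nocase; content:"577FAA18-4518-445E-8F70-1473F8CF4BA4"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*577FAA18-4518-445E-8F70-1473F8CF4BA4/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009630; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (18)"; flow:to_client,established; content:"clsid"; nocase; content:"59DC47A8-116C-11D3-9D8E-00C04F72D980"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*59DC47A8-116C-11D3-9D8E-00C04F72D980/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009631; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (19)"; flow:to_client,established; content:"clsid"; nocase; content:"7F9CB14D-48E4-43B6-9346-1AEBC39C64D3"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*7F9CB14D-48E4-43B6-9346-1AEBC39C64D3/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009632; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (20)"; flow:to_client,established; content:"clsid"; nocase; content:"823535A0-0318-11D3-9D8E-00C04F72D980"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*823535A0-0318-11D3-9D8E-00C04F72D980/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009633; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (21)"; flow:to_client,established; content:"clsid"; nocase; content:"8872FF1B-98FA-4D7A-8D93-C9F1055F85BB"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*8872FF1B-98FA-4D7A-8D93-C9F1055F85BB/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009634; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (22)"; flow:to_client,established; content:"clsid"; nocase; content:"8A674B4C-1F63-11D3-B64C-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*8A674B4C-1F63-11D3-B64C-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009635; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (23)"; flow:to_client,established; content:"clsid"; nocase; content:"8A674B4D-1F63-11D3-B64C-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*8A674B4D-1F63-11D3-B64C-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009636; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (24)"; flow:to_client,established; content:"clsid"; nocase; content:"9CD64701-BDF3-4D14-8E03-F12983D86664"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*9CD64701-BDF3-4D14-8E03-F12983D86664/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009638; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (25)"; flow:to_client,established; content:"clsid"; nocase; content:"9E77AAC4-35E5-42A1-BDC2-8F3FF399847C"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*9E77AAC4-35E5-42A1-BDC2-8F3FF399847C/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009639; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (26)"; flow:to_client,established; content:"clsid"; nocase; content:"A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009640; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (27)"; flow:to_client,established; content:"clsid"; nocase; content:"A2E3074E-6C3D-11D3-B653-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*A2E3074E-6C3D-11D3-B653-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009641; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Vulnerable Microsoft Video ActiveX CLSID access (28)"; flow:to_client,established; content:"clsid"; nocase; content:"A2E30750-6C3D-11D3-B653-00C04F79498E"; nocase; distance:0; pcre:"/<OBJECT\s+[^>]*classid\s*=\s*[\x22\x27]?\s*clsid\s*\x3a\s*\x7B?\s*A2E30750-6C3D-11D3-B653-00C04F79498E/si"; reference:url,microsoft.com/technet/security/advisory/972890.mspx; classtype:web-application-attack; sid:2009642; rev:1;)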

최초 클래스 아이디 두 개 이외에 상위 CLSID도 차단해야 할 것입니다.

–> http://node5.blogspot.com/2009/07/adm-template-that-sets-killbits-for.html
