MS IE Memory Corruption Vulnerability – MS10-018 (CVE-2010-0805)

alert tcp any 80 -> any any (flow:established, to_client; content:”333C7BC4-460F-11D0-BC04-0080C7055A83″; nocase; pcre:”/clsid\x3a\s+333C7BC4-460F-11D0-BC04-0080C7055A83/i”; pcre:”/\x3cparam[^\r\n]+DataURL[^\r\n]+value\x3d\x22[^\r\n]{128,}/iR”;)

alert tcp any 80 -> any any (flow:established, to_client; content:”TDCCtl.TDCCtl.1″; nocase; pcre:”/Progid\x3a\s+TDCCtl\x2eTDCCtl\x2e1/i”; pcre:”/\x3cparam[^\r\n]+DataURL[^\r\n]+value\x3d\x22[^\r\n]{128,}/iR”;)

reference

http://www.exploit-db.com/exploits/12032

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0805

Advertisements

About this entry