[Snort-sigs] While I'm at it Heres an IE rule.

Ureleet Ureleet ureleet at ...2420...
Thu Aug 17 18:45:51 EDT 2006


Lemme go ahead and jot this one down too, since I'm doing bugtraq rules today.

Author:
nop <nop#xsec.org>
http://www.xsec.org


Overview:
A vulnerability has been found in Internet Explorer 6.0 on \
Microsoft Windows 2003. When Internet Explorer tries to \
instantiate the tsuserex.dll (Terminal Services) COM object \
as an ActiveX control, it may corrupt system memory in such \
a way that an attacker may DoS and possibly could execute \
arbitrary code.

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"COMMUNITY
WEB-CLIENT tsuserex.dll COM Object Instantiation Vulnerability";
flow:from_server,established;
content:"E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29"; nocase;
reference:url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14;)




More information about the Snort-sigs mailing list