[Snort-sigs] Crusoe Researches offer new rule for detecting IE html Style crashie vulnerability

rmkml rmkml at ...324...
Fri Feb 29 03:27:00 EST 2008


Hi,

Crusoe Researches offering a new rule for detecting IE html Style crashie vulnerability (related to ICQ):

http://www.Crusoe-Researches.com/en/iehtmlstylecrashievulnerability.txt

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 2626 UNIQ 'snort' rules for Commercial Access
         (Contact me directly if you are interested)

Crusoe Researches support Bro idps project format rules (http://www.bro-ids.org/):
signature sid-92626 {
   ip-proto == tcp
   event "WEB-CLIENT IE html style * position relative DoS attempt"
   tcp-state established,responder
   payload /.*\<[sS][tT][yY][lL][eE][^a-zA-Z0-9](.){0,10}*(.){0,15}[pP][oO][sS][iI][tT][iI][oO][nN](.){0,15}[rR][eE][lL][aA][tT][iI][vV][eE](.){0,15}<\/style/
   }


Azwalaro new nidps open source project (WireShark based)
  http://www.Crusoe-Researches.com/azwalaro/
  azwalaro at ...3281...
http matches "(?i)<style[^a-z0-9](.){0,10}\\*(.){0,15}position(.){0,15}relative(.){0,15}</style"

Regards
Rmkml




More information about the Snort-sigs mailing list