"ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt"

SID: 2011007

Revision: 10

Class Type: attempted-user

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2010_0805, deployment Perimeter, confidence Medium, signature_severity Major, tag ActiveX, updated_at 2011_04_29

Reference:

  • cve: 2010-0805

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "333C7BC4-460F-11D0-BC04-0080C7055A83"

  • Value: "DataURL"

  • Value: "value=|22|"

  • Value: !"|0A|"

Within: 100

PCRE: "/]classid\s=\s[\x22\x27]?\sclsid\s\x3a\s\x7B?\s*333C7BC4-460F-11D0-BC04-0080C7055A83/si"

Special Options:

  • file_data

  • nocase

  • nocase

  • nocase
