""ET WEB_CLIENT Winzip 15.0 WZFLDVW.OCX IconIndex Property Denial of Service""

SID: 2012052

Revision: 1

Class Type: misc-attack

Metadata: affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_12_14, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2010_12_14

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

• Value: "clsid"

• Value: "4E3770F4-1937-4F05-B9A2-959BE7321909"

• Value: "|22|IconIndex|22|"

Within:

PCRE: "/]\sclassid\s=\s(\x22|\x27)\sclsid\s\x3a\s{?\s4E3770F4-1937-4F05-B9A2-959BE7321909\s}?(.)>/si"

Special Options:

• nocase

• nocase

source