
📄 web-client.rules

📁 This is a snapshot of the latest Snort rules
# Autogenerated skeleton rules file.  Do NOT edit by hand
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Windows BMP image conversion arbitrary code execution attempt"; sid:13879; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-4841; reference:url,www.microsoft.com/technet/security/Bulletin/ms08-044.mspx; metadata: engine shared, soid 3|13879, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Office eps filters memory corruption attempt"; sid:13970; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-1317; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-044.mspx; metadata: engine shared, soid 3|13970, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt"; sid:13947; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-1307; reference:url,www.microsoft.com/technet/security/bulletin/ms08-044.mspx; metadata: engine shared, soid 3|13947, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt"; sid:13946; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-5992; reference:url,www.microsoft.com/technet/security/bulletin/ms08-044.mspx; metadata: engine shared, soid 3|13946, service http, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT WordPerfect Graphics file invalid RLE buffer overflow attempt"; sid:13958; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-1207; reference:url,www.microsoft.com/technet/security/bulletin/ms08-044.mspx; metadata: engine shared, soid 3|13958;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid access"; sid:13580; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-4695; reference:url,www.microsoft.com/technet/security/bulletin/MS08-017.mspx; metadata: engine shared, soid 3|13580;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid unicode access"; sid:13581; gid:3; rev:1; classtype:attempted-user; reference:cve,2006-4695; reference:url,www.microsoft.com/technet/security/bulletin/MS08-017.mspx; metadata: engine shared, soid 3|13581;)
alert tcp $EXTERNAL_NET 80 <> $HOME_NET any (msg:"WEB-CLIENT vbscript/jscript scripting engine begin buffer overflow attempt"; sid:13448; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0083; reference:url,www.microsoft.com/technet/security/bulletin/MS08-022.mspx; metadata: engine shared, soid 3|13448;)
alert tcp $EXTERNAL_NET 80 <> $HOME_NET any (msg:"WEB-CLIENT vbscript/jscript scripting engine end buffer overflow attempt"; sid:13449; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0083; reference:url,www.microsoft.com/technet/security/bulletin/MS08-022.mspx; metadata: engine shared, soid 3|13449;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft DXLUTBuilder ActiveX clsid access"; sid:13453; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0078; reference:url,www.microsoft.com/technet/security/bulletin/MS08-010.mspx; metadata: engine shared, soid 3|13453;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft DXLUTBuilder ActiveX clsid unicode access"; sid:13454; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0078; reference:url,www.microsoft.com/technet/security/bulletin/MS08-010.mspx; metadata: engine shared, soid 3|13454;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft DXLUTBuilder ActiveX function call access"; sid:13455; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0078; reference:url,www.microsoft.com/technet/security/bulletin/MS08-010.mspx; metadata: engine shared, soid 3|13455;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft DXLUTBuilder ActiveX function call unicode access"; sid:13456; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0078; reference:url,www.microsoft.com/technet/security/bulletin/MS08-010.mspx; metadata: engine shared, soid 3|13456;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Visual FoxPro foxtlib ActiveX clsid access"; sid:13451; gid:3; rev:1; classtype:attempted-user; reference:bugtraq,25571; reference:cve,2007-4790; reference:url,www.microsoft.com/technet/security/bulletin/ms08-010.mspx; metadata: engine shared, soid 3|13451;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Visual FoxPro foxtlib ActiveX clsid unicode access"; sid:13452; gid:3; rev:1; classtype:attempted-user; reference:bugtraq,25571; reference:cve,2007-4790; reference:url,www.microsoft.com/technet/security/bulletin/ms08-010.mspx; metadata: engine shared, soid 3|13452;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft WebDAV MiniRedir remote code execution attempt"; sid:13474; gid:3; rev:2; classtype:attempted-user; reference:cve,2007-0065; reference:url,www.microsoft.com/technet/security/bulletin/ms08-007.mspx; metadata: engine shared, soid 3|13474;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Word ole stream memory corruption attempt"; sid:13469; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0109; reference:url,www.microsoft.com/technet/security/bulletin/ms08-009.mspx; metadata: engine shared, soid 3|13469;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Works heap corruption attempt"; sid:13466; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0216; reference:url,www.microsoft.com/technet/security/bulletin/ms08-011.mspx; metadata: engine shared, soid 3|13466;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel macro validation arbitrary code execution attempt"; sid:13569; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0081; reference:url,www.microsoft.com/technet/security/bulletin/MS08-014.mspx; metadata: engine shared, soid 3|13569;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Forms 2.0 ActiveX clsid access"; sid:13457; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0065; reference:url,www.microsoft.com/technet/security/bulletin/MS08-008.mspx; metadata: engine shared, soid 3|13457;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Forms 2.0 ActiveX clsid unicode access"; sid:13458; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0065; reference:url,www.microsoft.com/technet/security/bulletin/MS08-008.mspx; metadata: engine shared, soid 3|13458;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Forms 2.0 ActiveX function call access"; sid:13459; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0065; reference:url,www.microsoft.com/technet/security/bulletin/MS08-008.mspx; metadata: engine shared, soid 3|13459;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Forms 2.0 ActiveX function call unicode access"; sid:13460; gid:3; rev:1; classtype:attempted-user; reference:cve,2007-0065; reference:url,www.microsoft.com/technet/security/bulletin/MS08-008.mspx; metadata: engine shared, soid 3|13460;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft GDI emf filename buffer overflow attempt"; sid:13676; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1087; reference:url,www.microsoft.com/technet/security/bulletin/MS08-021.mspx; metadata: engine shared, soid 3|13676, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft GDI integer overflow attempt"; sid:13666; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1083; reference:url,www.microsoft.com/technet/security/bulletin/MS08-021.mspx; metadata: engine shared, soid 3|13666, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control ActiveX clsid access"; sid:13668; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13668, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control ActiveX clsid unicode access"; sid:13669; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13669, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control ActiveX function call access"; sid:13670; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13670, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control ActiveX function call unicode access"; sid:13671; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13671, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control 2 ActiveX clsid access"; sid:13672; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13672, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control 2 ActiveX clsid unicode access"; sid:13673; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13673, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control 2 ActiveX function call access"; sid:13674; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13674, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Help 2.0 Contents Control 2 ActiveX function call unicode access"; sid:13675; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1086; reference:url,www.microsoft.com/technet/security/Bulletin/MS08-023.mspx; metadata: engine shared, soid 3|13675, service http, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel cf record arbitrary code excecution attempt"; sid:13570; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0117; reference:url,www.microsoft.com/technet/security/bulletin/MS08-014.mspx; metadata: engine shared, soid 3|13570;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel dval record arbitrary code excecution attempt"; sid:13571; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0111; reference:url,www.microsoft.com/technet/security/bulletin/MS08-014.mspx; metadata: engine shared, soid 3|13571;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Excel sst record arbitrary code excecution attempt"; sid:13582; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0116; reference:url,www.microsoft.com/technet/security/bulletin/MS08-014.mspx; metadata: engine shared, soid 3|13582;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Office ms08-016 arbitrary code execution attempt"; sid:13572; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0118; reference:url,www.microsoft.com/technet/security/bulletin/MS08-016.mspx; metadata: engine shared, soid 3|13572;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Outlook arbitrary command line attempt"; sid:13573; gid:3; rev:1; classtype:misc-attack; reference:cve,2008-0110; reference:url,www.microsoft.com/technet/security/bulletin/MS08-015.mspx; metadata: engine shared, soid 3|13573;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Visio DXF file invalid memory allocation exploit attempt"; sid:13665; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1090; reference:url,www.microsoft.com/technet/security/bulletin/MS08-019.mspx; metadata: engine shared, soid 3|13665, policy security-ips alert;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt"; sid:13969; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-0121; reference:url,www.microsoft.com/technet/security/bulletin/ms08-051.mspx; metadata: engine shared, soid 3|13969, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET $HTTP_PORTS <> $HOME_NET any (msg:"WEB-CLIENT Microsoft Powerpoint TxMasterStyle10Atom atom numLevels buffer overflow attempt"; sid:13971; gid:3; rev:1; classtype:attempted-user; reference:cve,2008-1455; reference:url,www.microsoft.com/technet/security/bulletin/ms08-051.mspx; metadata: engine shared, soid 3|13971, service http, policy balanced-ips drop, policy security-ips drop;)
