# 14/07/2008 Microsoft Office Snapshot Viewer ActiveX control (2)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( msg:"Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (2)"; flow:to_client,established; content:"clsid"; nocase; content:"F0E42D60-368C-11D0-AD81-00A0C90DC8D9"; nocase; pcre:"/(SnapshotPath|CompressedPath|PrintSnapshot)/i"; pcre:"/(exe|bat|com|dll|ini)/i"; reference:bugtraq,30114; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html;reference:url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html; classtype:web-application-attack; sid:9004; rev:1;)

#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( msg:"Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download"; flow:to_client,established; content:"clsid"; nocase; pcre:"/(F0E42D50-368C-11D0-AD81-00A0C90DC8D9|F0E42D60-368C-11D0-AD81-00A0C90DC8D9|F2175210-368C-11D0-AD81-00A0C90DC8D9)/i"; pcre:"/(SnapshotPath|CompressedPath|PrintSnapshot)/i"; pcre:"/(exe|bat|com|dll|ini)/i"; reference:bugtraq,30114; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html; reference:url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html; classtype:web-application-attack; sid:9003; rev:1;)