A malicious file has been detected (CompoundFile_Shellcode_Detected)

About this signature or vulnerability

BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier:

This signature detects well-known shellcode payloads within Microsoft Office Compound Document files.


False negatives

BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier:

The content.shellcode.scan.limit tuning parameter limits the amount of the transfer checked. If shellcode appears beyond this point in the transfer, this signature will not detect it.

Default risk level

High

Sensors that have this signature

BlackICE PC Protection: 3.6cqv, BlackICE Server Protection: 3.6.cqv, RealSecure Server Sensor: XPU 28.020, RealSecure Network: XPU 28.020, Proventia Server IPS for Linux technology: 28.020, Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2160, Proventia Server IPS for Microsoft Windows technology: 2.0.252.2160, Proventia Network MFS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020

Systems affected

Microsoft Windows XP, Microsoft Windows Me, Compaq Tru64, Microsoft Windows 2000, Microsoft Windows 98SE, Linux Linux, SGI IRIX, Sun Solaris, WindRiver BSDOS, HP HP-UX, IBM AIX, IBM OS/2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, SCO SCO Unix, Microsoft Windows 98, Microsoft Windows 2003 Server, Apple Mac OS X

Type

Unauthorized Access Attempt

Vulnerability description

An exploit has been detected in a file.

How to remove this vulnerability

No remedy currently available. If the file has not been opened, do not open it.

References

ISS X-Force
A malicious file has been detected
http://www.iss.net/security_center/static/27657.php