A malicious file has been detected (Shellcode_Detected)

About this signature or vulnerability

BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia Server IPS for Linux technology, RealSecure Desktop, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for VMware:

This signature detects well-known shellcode payloads within file content that is typically non-executable.


False negatives

BlackICE PC Protection, BlackICE Server Protection, IBM Security Server Protection for Windows: The content.shellcode.scan.limit tuning parameter limits the amount of the transfer checked. If shellcode appears beyond this point in the transfer, this signature will not detect it. The pam.content.shellcode.scan.limit tuning parameter limits the amount of the transfer checked. If shellcode appears beyond this point in the transfer, this signature will not detect it.

Default risk level

High

Sensors that have this signature

BlackICE PC Protection: 3.6cpw, BlackICE Server Protection: 3.6.cpw, RealSecure Server Sensor: XPU 24.51, RealSecure Network: XPU 24.51, Proventia Network IDS: XPU 24.51, Proventia-G 1.1 and earlier: XPU 24.51, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network MFS: XPU 1.90, IBM Security Server Protection for Windows: 1.0.914.1910, Proventia Server IPS for Linux technology: 1.90, RealSecure Desktop: epw, Proventia Desktop: 1910, Proventia Network IPS: XPU 1.90, Virtual Server Protection for VMware: 1.0

Systems affected

IBM AIX, WindRiver BSDOS, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Microsoft Windows 2003 Server, Apple Mac OS X

Type

Unauthorized Access Attempt

Vulnerability description

An exploit has been detected in a file.

How to remove this vulnerability

No remedy currently available. If the file has not been opened, do not open it.

References

ISS X-Force
A malicious file has been detected
http://www.iss.net/security_center/static/27657.php