rule Exploit_WinNT_CVE-2012-0507_Z{
	meta:
		description = "Exploit:WinNT/CVE-2012-0507.Z,SIGNATURE_TYPE_JAVAHSTR_EXT,1c 00 18 00 06 00 00 05 00 "
		
	strings :
		$a_01_0 = {6a 61 76 61 2f 61 70 70 6c 65 74 2f 41 70 70 6c 65 74 } //05 00  java/applet/Applet
		$a_01_1 = {6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 50 72 6f 74 65 63 74 69 6f 6e 44 6f 6d 61 69 6e } //05 00  java/security/ProtectionDomain
		$a_01_2 = {6a 61 76 61 2f 75 74 69 6c 2f 63 6f 6e 63 75 72 72 65 6e 74 2f 61 74 6f 6d 69 63 2f 41 74 6f 6d 69 63 52 65 66 65 72 65 6e 63 65 41 72 72 61 79 } //04 00  java/util/concurrent/atomic/AtomicReferenceArray
		$a_01_3 = {53 74 72 69 6e 67 42 75 69 6c 64 65 72 } //04 00  StringBuilder
		$a_01_4 = {74 6f 48 65 78 53 74 72 69 6e 67 } //05 00  toHexString
		$a_01_5 = {32 b6 57 a7 bf 84 15 2d be a1 2a } //00 00 
	condition:
		any of ($a_*)
 
}