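/*
 * Detects Java class files carrying the constant-pool entries and bytecode
 * fragment associated with the signature named in the description
 * (Exploit:WinNT/CVE-2012-4681.AIK).
 *
 * Review notes on this conversion:
 *  - The rule identifier used '-' characters, which YARA does not allow in
 *    identifiers (alphanumerics and '_' only), so the rule could not compile.
 *    The original detection name is preserved in meta.description.
 *  - The condition was "any of ($a_*)". $a_01_3 is just the Utf8 constant
 *    "java/lang/Object", which is present in almost every class file, so the
 *    rule would have fired on benign Java code. All strings are now required.
 *    NOTE(review): the "06 00 06 00 06 00" header in the description looks
 *    like a threshold of 6 over 6 sub-patterns of weight 1 (the "01 00" values
 *    that trailed each string) - confirm against the source signature.
 *  - In $a_03_5 the sequences "90 01 01" and the trailing "90 00" were kept as
 *    literal bytes. Read literally, every constant-pool operand would be the
 *    same index 0x0090 for a class, a constructor and two methods, which is
 *    not valid bytecode. They appear to be pattern-format markers (one-byte
 *    wildcard and end-of-pattern), so they are expressed here as "??" and
 *    dropped respectively. TODO confirm against the source signature format.
 *
 * Scanning caveat: the strings only appear in uncompressed .class content;
 * a compressed JAR must be unpacked before this rule can match.
 */
rule Exploit_WinNT_CVE_2012_4681_AIK
{
    meta:
        description = "Exploit:WinNT/CVE-2012-4681.AIK,SIGNATURE_TYPE_JAVAHSTR_EXT,06 00 06 00 06 00 00 01 00 "

    strings:
        // Each $a_01_* pattern is a class-file CONSTANT_Utf8 entry:
        // tag 01, two-byte big-endian length, then the text.

        // "(Ljava/lang/Object;Ljava/lang/String;[Ljava/lang/Object;)V"
        $a_01_0 = { 01 00 3a 28 4c 6a 61 76 61 2f 6c 61 6e 67 2f 4f 62 6a 65 63 74 3b 4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b 5b 4c 6a 61 76 61 2f 6c 61 6e 67 2f 4f 62 6a 65 63 74 3b 29 56 }

        // "()Ljava/security/ProtectionDomain;"
        $a_01_1 = { 01 00 22 28 29 4c 6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 50 72 6f 74 65 63 74 69 6f 6e 44 6f 6d 61 69 6e 3b }

        // "java/beans/Statement"
        $a_01_2 = { 01 00 14 6a 61 76 61 2f 62 65 61 6e 73 2f 53 74 61 74 65 6d 65 6e 74 }

        // "java/lang/Object" (very common on its own; never use as a sole indicator)
        $a_01_3 = { 01 00 10 6a 61 76 61 2f 6c 61 6e 67 2f 4f 62 6a 65 63 74 }

        // "(Ljava/security/ProtectionDomain;Ljava/beans/Statement;)V"
        $a_01_4 = { 01 00 39 28 4c 6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 50 72 6f 74 65 63 74 69 6f 6e 44 6f 6d 61 69 6e 3b 4c 6a 61 76 61 2f 62 65 61 6e 73 2f 53 74 61 74 65 6d 65 6e 74 3b 29 56 }

        // JVM bytecode fragment ending in "return" (b1). Each two-byte
        // constant-pool operand keeps its 00 high byte; the low byte varies
        // per build and is wildcarded.
        $a_03_5 = { 59 2b 2c 04 bd 00 ?? b7 00 ?? 4e bb 00 ?? 59 b7 00 ?? 3a 04 19 04 b6 00 ?? 3a 05 2a 19 05 2d b6 00 ?? b1 }

    condition:
        // Require the full set: individual constants are benign on their own.
        all of ($a_*)
}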