DefenderYara/Exploit/O97M/CVE-2017-11882/Exploit_O97M_CVE-2017-11882...


// Signature carrying a Microsoft Defender detection name and signature type in
// meta.description. Both patterns are ASCII VBA source text: an Auto_Open macro
// that grows the variable "rueruriweruwyufgd" by repeated self-concatenation.
//
// NOTE(review): YARA identifiers accept only letters, digits and underscores, so
// the hyphens in this rule name will be rejected by the compiler; rename it
// before loading the rule.
// NOTE(review): CVE-2017-11882 is the Equation Editor memory-corruption bug, but
// nothing below inspects an equation object. The rule matches macro text only, so
// read the name as Defender's family label, not as proof of exploit content.
// NOTE(review): the bytes 90 0c 02 00 sit between two ASCII runs in both patterns
// and look like a gap/wildcard marker from the Defender signature format. YARA
// matches them as four literal bytes, so the rule may never fire as written.
// Confirm the marker's meaning and express it as a YARA jump before relying on it.
rule Exploit_O97M_CVE-2017-11882_CG_MTB{
meta:
// Defender detection name, signature type, then raw header bytes
// (presumably threshold/count fields; not interpreted by YARA).
description = "Exploit:O97M/CVE-2017-11882.CG!MTB,SIGNATURE_TYPE_MACROHSTR_EXT,02 00 02 00 02 00 00 "
strings :
// ASCII: `Sub Auto_Open()` <90 0c 02 00> `rueruriweruwyufgd = rueruriweruwyufgd + "" + "" + "bvfgstdytyu3rf533 = `
// The trailing //1 presumably records the pattern's weight (it matches the *1 in the condition).
$a_03_0 = {53 75 62 20 41 75 74 6f 5f 4f 70 65 6e 28 29 90 0c 02 00 72 75 65 72 75 72 69 77 65 72 75 77 79 75 66 67 64 20 3d 20 72 75 65 72 75 72 69 77 65 72 75 77 79 75 66 67 64 20 2b 20 22 22 20 2b 20 22 22 20 2b 20 22 62 76 66 67 73 74 64 79 74 79 75 33 72 66 35 33 33 20 3d } //1
// ASCII: `+ vbCrLf '7745yjuuy3rtr` <90 0c 02 00> `rueruriweruwyufgd = rueruriweruwyufgd + `
$a_03_1 = {2b 20 76 62 43 72 4c 66 20 27 37 37 34 35 79 6a 75 75 79 33 72 74 72 90 0c 02 00 72 75 65 72 75 72 69 77 65 72 75 77 79 75 66 67 64 20 3d 20 72 75 65 72 75 72 69 77 65 72 75 77 79 75 66 67 64 20 2b } //1
condition:
// Each term is the low bit of a pattern's match count times weight 1; the sum
// must reach 2, so both patterns have to contribute.
// NOTE(review): `& 1` is a parity test, so a pattern that matches an even number
// of times contributes 0 and the rule stays silent. Presumably "matched at least
// once" was intended; confirm before using this for detection coverage.
((#a_03_0 & 1)*1+(#a_03_1 & 1)*1) >=2
}