DefenderYara/Exploit/WinNT/CVE-2012-0507/Exploit_WinNT_CVE-2012-0507...


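// Weighted-string detection for Java class content associated with
// CVE-2012-0507 (the java.util.concurrent.atomic.AtomicReferenceArray
// issue referenced by $a_01_3). The meta description carries the original
// Defender signature name and header bytes.
//
// Scoring model: each string contributes its weight once when it is present
// at all, and the rule fires at a total of 40 or more.
//   $a_01_0..$a_01_3  weight 5 each (class names from the constant pool)
//   $a_01_4..$a_01_6  weight 4 each (short, generic Java identifiers)
//   $a_01_7           weight 20     (unlabelled byte sequence)
// The seven named strings sum to 32, so $a_01_7 is mandatory. With it
// present, 20 more points are needed: any five of the seven named strings
// (at least 22), or exactly the four weight-5 class names (20).
//
// Why the condition is not written as (#a & 1)*weight: "#a & 1" is the
// parity of the match count, not presence. A string that occurs an even
// number of times would score 0, and short substrings such as "getClass"
// or "ClassLoader" can easily repeat inside one class file, which would
// cause false negatives. The boolean form below is equivalent to the
// presence-weighted sum and does not depend on match counts.
//
// The named strings are common in benign applets; the specificity of this
// rule rests on $a_01_7 together with AtomicReferenceArray and
// ObjectInputStream appearing in the same file.
//
// NOTE(review): YARA identifiers may only contain letters, digits and
// underscores, so the hyphens in the rule name will be rejected by the
// compiler. The name is left as published here; rename with underscores
// when importing this rule into a ruleset.
rule Exploit_WinNT_CVE-2012-0507_D
{
    meta:
        description = "Exploit:WinNT/CVE-2012-0507.D,SIGNATURE_TYPE_JAVAHSTR_EXT,2c 00 28 00 08 00 00 "

    strings:
        // weight 5: java/applet/Applet
        $a_01_0 = {6a 61 76 61 2f 61 70 70 6c 65 74 2f 41 70 70 6c 65 74}
        // weight 5: java/lang/Exception
        $a_01_1 = {6a 61 76 61 2f 6c 61 6e 67 2f 45 78 63 65 70 74 69 6f 6e}
        // weight 5: java/io/ObjectInputStream
        $a_01_2 = {6a 61 76 61 2f 69 6f 2f 4f 62 6a 65 63 74 49 6e 70 75 74 53 74 72 65 61 6d}
        // weight 5: java/util/concurrent/atomic/AtomicReferenceArray
        $a_01_3 = {6a 61 76 61 2f 75 74 69 6c 2f 63 6f 6e 63 75 72 72 65 6e 74 2f 61 74 6f 6d 69 63 2f 41 74 6f 6d 69 63 52 65 66 65 72 65 6e 63 65 41 72 72 61 79}
        // weight 4: ClassLoader
        $a_01_4 = {43 6c 61 73 73 4c 6f 61 64 65 72}
        // weight 4: getClass
        $a_01_5 = {67 65 74 43 6c 61 73 73}
        // weight 4: StringBuilder.toString
        $a_01_6 = {53 74 72 69 6e 67 42 75 69 6c 64 65 72 2e 74 6f 53 74 72 69 6e 67}
        // weight 20: no label in the source; mandatory for the threshold
        $a_01_7 = {19 03 19 b6 19 03 32}

    condition:
        // Presence-based equivalent of "weighted score >= 40".
        $a_01_7 and
        (
            5 of ($a_01_0, $a_01_1, $a_01_2, $a_01_3, $a_01_4, $a_01_5, $a_01_6) or
            all of ($a_01_0, $a_01_1, $a_01_2, $a_01_3)
        )
}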