12 lines
406 B
Plaintext
12 lines
406 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-0507_NQ{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-0507.NQ,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 02 00 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {b6 3a 2a 03 32 19 19 03 19 be 19 b6 3a 19 05 bd 59 03 90 04 01 02 12 13 53 59 04 90 04 01 02 12 13 53 b6 3a } //1
|
|
$a_01_1 = {04 32 c0 3a 2b b6 3a 05 bd 59 03 03 b8 53 59 } //1
|
|
condition:
|
|
((#a_03_0 & 1)*1+(#a_01_1 & 1)*1) >=2
|
|
|
|
} |