13 lines
529 B
Plaintext
13 lines
529 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-0507_NR{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-0507.NR,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 03 00 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {b7 b7 3a 19 b6 c0 c0 3a 19 03 32 c0 c0 3a 19 04 32 c0 3a 19 03 2c b6 19 03 32 2b } //1
|
|
$a_01_1 = {10 32 b8 4c 2b b2 10 32 b6 4d 2c 04 b6 2c 01 b6 b3 b2 b6 b2 10 32 04 bd 59 03 12 53 b6 4e 2d b2 04 bd 59 03 12 12 b6 53 b6 } //1
|
|
$a_01_2 = {3a 08 11 10 00 bc 08 3a 09 03 36 0a } //1
|
|
condition:
|
|
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1) >=2
|
|
|
|
} |