13 lines
486 B
Plaintext
13 lines
486 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-0507_T{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-0507.T,SIGNATURE_TYPE_JAVAHSTR_EXT,03 00 03 00 03 00 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {61 74 6f 6d 69 63 2f 41 74 6f 6d 69 63 52 65 66 65 72 65 6e 63 65 41 72 72 61 79 } //1 atomic/AtomicReferenceArray
|
|
$a_01_1 = {5a 4b 4d 34 2e 32 2e 34 } //1 ZKM4.2.4
|
|
$a_01_2 = {2a 2b 04 32 c0 00 01 b5 00 02 2a b4 00 02 03 2c b6 00 03 } //1
|
|
condition:
|
|
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1) >=3
|
|
|
|
} |