12 lines
458 B
Plaintext
12 lines
458 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-1723_AHQ{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-1723.AHQ,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 02 00 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {32 b6 4c 2b b6 3d 1c bc 4e 2b 2d 03 1c b6 57 2d b0 4c 01 b0 90 09 03 00 2a b2 } //1
|
|
$a_03_1 = {2a b6 b6 b6 90 04 01 04 4c 2d 4e 3a b2 [03-08] 32 90 04 01 04 4c 2d 4e 3a b2 [03-08] 32 3a[1 03 2b 2] c 19) b8 90 03 01 0[1] } //1
|
|
condition:
|
|
((#a_03_0 & 1)*1+(#a_03_1 & 1)*1) >=2
|
|
|
|
} |