24 lines
785 B
Plaintext
24 lines
785 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-1723_P{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-1723.P,SIGNATURE_TYPE_JAVAHSTR_EXT,02 00 02 00 02 00 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {15 08 12 0b a2 00 10 19 06 01 b6 00 ?? 57 84 08 01 a7 ff ef } //1
|
|
$a_01_1 = {75 72 30 6c 30 } //1 ur0l0
|
|
condition:
|
|
((#a_03_0 & 1)*1+(#a_01_1 & 1)*1) >=2
|
|
|
|
}
|
|
rule Exploit_WinNT_CVE-2012-1723_P_2{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-1723.P,SIGNATURE_TYPE_JAVAHSTR_EXT,03 00 03 00 03 00 00 "
|
|
|
|
strings :
|
|
$a_03_0 = {1c 12 05 a2 00 0f 2b 01 b6 00 ?? 57 84 02 01 a7 ff f1 } //1
|
|
$a_00_1 = {63 6f 6e 66 75 73 65 } //1 confuse
|
|
$a_00_2 = {43 6f 6e 66 75 73 69 6e 67 43 6c 61 73 73 4c 6f 61 64 65 72 } //1 ConfusingClassLoader
|
|
condition:
|
|
((#a_03_0 & 1)*1+(#a_00_1 & 1)*1+(#a_00_2 & 1)*1) >=3
|
|
|
|
} |