DefenderYara/Exploit/WinNT/CVE-2012-4681/Exploit_WinNT_CVE-2012-4681...


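// Converted Microsoft Defender signature (type SIGNATURE_TYPE_JAVAHSTR_EXT, per the
// description string) for Java class files associated with CVE-2012-4681.
//
// Each $a_01_N atom has the byte layout of a class-file CONSTANT_Utf8 entry:
// tag 01, a two-byte big-endian length, then the text. The decoded text is given
// next to each atom. Several of these entries ("java/lang/Object", "<init>") occur
// in practically every compiled class, so no single atom is evidence of anything.
//
// NOTE(review): the rule name contains '-' characters, which YARA identifiers do not
// allow; the compiler is expected to reject it as written. The name is left untouched
// here because alerts and other rules may refer to it. Rename it (for example with
// underscores) together with whatever consumes it.
//
// NOTE(review): the header bytes in the description ("07 00 07 00 ...") and the
// trailing "01 00" pairs in the converted source look like a match threshold and
// per-atom weights, i.e. the original signature appears to need every atom.
// Confirm against the converter's format notes.
rule Exploit_WinNT_CVE-2012-4681_AIL{
meta:
description = "Exploit:WinNT/CVE-2012-4681.AIL,SIGNATURE_TYPE_JAVAHSTR_EXT,07 00 07 00 07 00 00 01 00 "
strings:
// "(Ljava/security/PrivilegedExceptionAction;)Ljava/lang/Object;" (length 0x3d)
$a_01_0 = {01 00 3d 28 4c 6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 50 72 69 76 69 6c 65 67 65 64 45 78 63 65 70 74 69 6f 6e 41 63 74 69 6f 6e 3b 29 4c 6a 61 76 61 2f 6c 61 6e 67 2f 4f 62 6a 65 63 74 3b }
// "java/lang/Object" (length 0x10)
$a_01_1 = {01 00 10 6a 61 76 61 2f 6c 61 6e 67 2f 4f 62 6a 65 63 74 }
// "(Ljava/lang/String;Ljava/lang/String;)V" (length 0x27)
$a_01_2 = {01 00 27 28 4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b 4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b 29 56 }
// "java/security/AccessController" (length 0x1e)
$a_01_3 = {01 00 1e 6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 41 63 63 65 73 73 43 6f 6e 74 72 6f 6c 6c 65 72 }
// "<init>" (length 0x06)
$a_01_4 = {01 00 06 3c 69 6e 69 74 3e }
// "doPrivileged" (length 0x0c)
$a_01_5 = {01 00 0c 64 6f 50 72 69 76 69 6c 65 67 65 64 }
// Bytecode atom from the original, kept for reference but disabled. Read as JVM
// opcodes it is aload_0 / invokespecial / ldc / putfield / invokestatic / pop /
// aload_1 / aload_2 / invokevirtual / goto, but the "90 09 00 00" and "90 00" runs
// look like pattern-control markers of the source signature format rather than
// class bytes (TODO confirm). As a literal hex string it is unlikely to match,
// so it is not part of the condition until it has been translated properly.
// $a_03_6 = {2a b7 00 01 90 09 00 00 2a b7 00 01 2a 12 02 b5 00 03 2a 12 04 b5 00 05 2a b8 00 06 57 2a 2b 2c b6 00 07 a7 00 04 90 00 }
condition:
// The original "any of ($a_*)" fired on a lone "<init>" or "java/lang/Object"
// entry, which flags nearly every class file. Requiring all six constant-pool
// entries narrows this to classes that declare the doPrivileged descriptor and a
// (String, String) void method. Legitimate code can still contain that combination,
// so treat a hit as a triage lead, not a verdict.
all of ($a_01_*)
}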