16 lines
577 B
Plaintext
16 lines
577 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-0507_B{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-0507.B,SIGNATURE_TYPE_JAVAHSTR_EXT,04 00 04 00 06 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_00_0 = {43 41 46 45 42 41 42 45 } //01 00 CAFEBABE
|
|
$a_01_1 = {06 61 2e 54 69 6d 65 } //01 00
|
|
$a_01_2 = {0b 28 4c 61 2f 48 65 6c 70 3b 29 } //01 00
|
|
$a_03_3 = {3a 05 19 05 b6 00 90 01 01 c0 00 90 01 01 3a 09 90 00 } //02 00
|
|
$a_01_4 = {be 19 b6 3a 19 b6 c0 3a a7 4c b1 } //01 00
|
|
$a_03_5 = {10 b8 07 78 2a 1c 90 03 02 00 04 60 b6 10 b8 60 91 54 84 a7 90 00 } //00 00
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |