16 lines
855 B
Plaintext
16 lines
855 B
Plaintext
|
|
rule Exploit_WinNT_CVE-2012-0507_Z{
|
|
meta:
|
|
description = "Exploit:WinNT/CVE-2012-0507.Z,SIGNATURE_TYPE_JAVAHSTR_EXT,1c 00 18 00 06 00 00 05 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {6a 61 76 61 2f 61 70 70 6c 65 74 2f 41 70 70 6c 65 74 } //05 00 java/applet/Applet
|
|
$a_01_1 = {6a 61 76 61 2f 73 65 63 75 72 69 74 79 2f 50 72 6f 74 65 63 74 69 6f 6e 44 6f 6d 61 69 6e } //05 00 java/security/ProtectionDomain
|
|
$a_01_2 = {6a 61 76 61 2f 75 74 69 6c 2f 63 6f 6e 63 75 72 72 65 6e 74 2f 61 74 6f 6d 69 63 2f 41 74 6f 6d 69 63 52 65 66 65 72 65 6e 63 65 41 72 72 61 79 } //04 00 java/util/concurrent/atomic/AtomicReferenceArray
|
|
$a_01_3 = {53 74 72 69 6e 67 42 75 69 6c 64 65 72 } //04 00 StringBuilder
|
|
$a_01_4 = {74 6f 48 65 78 53 74 72 69 6e 67 } //05 00 toHexString
|
|
$a_01_5 = {32 b6 57 a7 bf 84 15 2d be a1 2a } //00 00
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |