Versions (4)
Version DetailsCurrent
Rev: 8 • Jul 11, 2013, 12:00 PMET EXPLOIT Potential Internet Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Potential Internet Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1"; flow:established,to_server; http.uri; content:"/vid.aspx?id="; nocase; fast_pattern; pcre:"/^[a-zA-Z0-9]+$/Ri"; http.header_names; content:!"Cookie|0d 0a|"; reference:url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx; classtype:attempted-user; sid:2017131; rev:8; metadata:attack_target Client_and_Server, created_at 2013_07_11, deployment Perimeter, deployment Internal, confidence Low, signature_severity Major, tag CISA_KEV, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)
Jul 11, 2013, 12:00 PM
Nov 26, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules