Versions (2)
Version DetailsCurrent
Rev: 6 • Sep 18, 2013, 12:00 PMET WEB_CLIENT Microsoft IE Memory Corruption Inbound (CVE-2013-3893)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft IE Memory Corruption Inbound (CVE-2013-3893)"; flow:established,to_client; file_data; content:"outer"; nocase; pcre:"/^(?:Text|HTML)/Ri"; content:"onlosecapture"; nocase; fast_pattern; pcre:"/^(:?([\x22\x27][\r\n\s]*?\])?[\r\n\s]*?=|[\x22\x27][\r\n\s]*?\,)[\r\n\s]*?(?!function)(?P<func>[^\r\n\s]+)\b.+?function[\r\n\s]+(?P=func)[\r\n\s]*?\([^\)]*?\)[\r\n\s]*?\{((?!function).)*?(\b(?P<var>[^\r\n\s\=]+)[\r\n\s]*?=[\r\n\s]*?(\x22\x22|\x27\x27))?((?!function).)*?document\.write\([\r\n\s]*?(\x22\x22|\x27\x27|(?P=var))[\r\n\s]*?\)/Rsi"; reference:cve,2013-3893; reference:url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx; classtype:attempted-user; sid:2017480; rev:6; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2013_09_18, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2022_06_27;)
Sep 18, 2013, 12:00 PM
Jun 27, 2022, 12:00 PM
Sep 18, 2013, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-web_client.rules