Versions (2)
Version DetailsCurrent
Rev: 10 • Nov 14, 2013, 12:00 PMET EXPLOIT Microsoft Outlook/Crypto API X.509 oid id-pe-authorityInfoAccessSyntax design bug allow blind HTTP requests attempt
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS [25,587] (msg:"ET EXPLOIT Microsoft Outlook/Crypto API X.509 oid id-pe-authorityInfoAccessSyntax design bug allow blind HTTP requests attempt"; flow:to_server,established; content:"multipart/signed|3B|"; nocase; content:"application/pkcs7-signature|3B|"; nocase; distance:0; content:"|0A|QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB|0D|"; distance:0; reference:cve,2013-3870; reference:url,www.microsoft.com/technet/security/bulletin/MS13-068.mspx; reference:url,blog.nruns.com/blog/2013/11/12/A-portscan-by-email-Alex; classtype:attempted-admin; sid:2017712; rev:10; metadata:created_at 2013_11_14, signature_severity Major, updated_at 2019_07_26;)
Nov 14, 2013, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules