
Rule History

SID: 2022938 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 3 • Jun 30, 2016, 12:00 PM

ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4"; flow:established,to_server; content:"Content-Type|3a 20|"; nocase; content:"name"; nocase; isdataat:78,relative; pcre:"/^\s*=\s*[\x22\x27][^\x22\x27\r\n]{78}/R"; content:"|58 35 4f 21 50 25 40 41 50 5b 34 5c 50 5a 58 35 34 28 50 5e 29 37 43 43 29 37 7d 24 45 49 43 41 52 2d|"; reference:url,bugs.chromium.org/p/project-zero/issues/detail?id=823&q=; classtype:attempted-admin; sid:2022938; rev:3; metadata:created_at 2016_06_30, deprecation_reason Relevance, confidence Medium, signature_severity Major, updated_at 2024_04_11, reviewed_at 2024_04_11;)

Jun 30, 2016, 12:00 PM

Apr 11, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-exploit.rules