Versions (4)
Version DetailsCurrent
Rev: 1 • Jun 29, 2017, 12:00 PMET EXPLOIT Possible WINS Server Remote Memory Corruption Vulnerability
alert tcp $HOME_NET any -> $HOME_NET 42 (msg:"ET EXPLOIT Possible WINS Server Remote Memory Corruption Vulnerability"; flow:to_server,established; dsize:48; content:"|00 00 78 00|"; offset:4; depth:4; content:"|00 00 00 05|"; offset:16; depth:4; fast_pattern; threshold:type both, count 3, seconds 1, track by_src; reference:url,blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server; classtype:attempted-user; sid:2024435; rev:1; metadata:affected_product Windows_DNS_server, attack_target DNS_Server, created_at 2017_06_29, deployment Datacenter, performance_impact Low, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jun 29, 2017, 12:00 PM
Jul 26, 2019, 12:00 PM
Jun 29, 2017, 12:00 PM
Sep 30, 2025, 9:36 PM
rules/emerging-exploit.rules