Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT VBscript UAF (CVE-2018-8373)"; flow:to_client,established; file_data; content:"vbscript"; nocase; content:"class_initialize"; nocase; fast_pattern; content:"<script "; nocase; content:"Redim"; nocase; content:"private"; nocase; pcre:"/^\s+sub\s+class_initialize\b(?:(?!end\s*sub).)*?\bReDim\s+array\b/Rsi"; content:"Public"; pcre:"/^\s+Default\s+Property\b(?:(?!end\s*property).)*?\bReDim\s+Preserve\s+array\b/Rsi"; reference:cve,2018-8373; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-cve-2018-8373-exploit-spotted-in-the-wild/; classtype:attempted-user; sid:2026411; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_09_26, cve CVE_2018_8373, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)