Rule History

SID: 2030533 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 4 • Jul 14, 2020, 12:00 PM

ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350)

alert tcp any 53 -> any any (msg:"ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350)"; flow:established,from_server; byte_test:2,>=,0xfeea,0; content:"|00 00 18|"; within:76; content:"|00 00 18|"; distance:12; within:64; fast_pattern; content:"|c0|"; distance:2; within:1; content:"|00 18|"; distance:1; within:2; reference:cve,2020-1350; reference:url,research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/; classtype:attempted-admin; sid:2030533; rev:4; metadata:affected_product Windows_DNS_server, created_at 2020_07_14, cve CVE_2020_1350, performance_impact Significant, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_07_16;)

Jul 14, 2020, 12:00 PM

Jul 16, 2020, 12:00 PM

Sep 21, 2024, 3:00 AM

Sep 17, 2025, 9:34 PM

rules/emerging-exploit.rules