Versions (3)
Version DetailsCurrent
Rev: 2 • Sep 21, 2021, 12:00 PMET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M2 (CVE-2018-8617)
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M2 (CVE-2018-8617)"; flow:established,from_server; file_data; content:"function"; pcre:"/^\s*(?P<func_a>[\w\-]{1,20})\((?P<obj_1>[\w\-]{1,20})\s*,\s*(?P<obj_2>[\w\-]{1,20}).{1,300}(?P=obj_1)\.(?P<prop_2>[\w\-]{1,20})\s*=\s*\d+(?:\.\d+)?.{1,300}?(?P=obj_2)\.pop\(\).{1,300}?(?P=obj_1)\.(?P<prop_1>[\w\-]{1,20})\s*=\s*\d+(?:\.\d+)?.{1,500}Object\.prototype\.p(op|ush)\s*=\s*Array\.prototype\.p(op|ush)\x3b.{1,500}var\s*(?P<obj_3>[\w\-]{1,20})\s*=\s*\{\s*(?P=prop_1)\s*\x3a\s*\d+(?:\.\d+)?\s*,\s*(?:(?P=prop_2)\s*\x3a\s*\d+(?:\.\d+)?|(?P=prop_2)\s*\x3a\s*\d+(?:\.\d+)?\s*,\s*(?P=prop_1)\s*\x3a\s*\d+(?:\.\d+)).{1,500}(?P=func_a)\(\s*(?:(?P=obj_3)\s*,\s*new\s*Object\(\)|\s*new\s*Object\(\)\s*,\s*(?P=obj_3)\s*).{1,500}?(?P=func_a)\((?P=obj_3)/Rsi"; content:"Object.prototype.p"; content:"|20|=|20|Array.prototype.p"; fast_pattern; reference:cve,2018-8617; classtype:attempted-admin; sid:2034004; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_09_21, cve CVE_2018_8617, deployment Perimeter, confidence Medium, signature_severity Major, tag Exploit, updated_at 2021_09_21;)
Sep 21, 2021, 12:00 PM
Sep 21, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules