Rule History

SID: 2044684 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 3 • Mar 16, 2023, 12:00 PM

ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M5 (CVE-2023-23397)

alert smtp $SMTP_SERVERS any -> any any (msg:"ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M5 (CVE-2023-23397)"; content:"AElQTS5UYXNr"; fast_pattern; content:"|0d 0a 0d 0a|"; base64_decode:offset 0,relative; base64_data; content:"|78 9f 3e 22|"; startswith; content:"|00|IPM.Task"; content:"|5c|"; pcre:"/^\x00?\\\x00?[\w\.\-\x00]+\\/R"; reference:url,msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397; reference:cve,2023-23397; classtype:attempted-admin; sid:2044684; rev:3; metadata:created_at 2023_03_16, cve CVE_2023_23397, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853730;)

Mar 16, 2023, 12:00 PM

Apr 27, 2023, 12:00 PM

Sep 21, 2024, 3:00 AM

Aug 25, 2025, 9:35 PM

rules/emerging-exploit.rules