Back to Rule

Rule History

SID: 10001326 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1Jul 24, 2025, 5:44 PM

ATTACK [PTsecurity] Safari 10.0.3 UAF RCE (CVE-2017-2491)

alert http any any -> any any (msg:"ATTACK [PTsecurity] Safari 10.0.3 UAF RCE (CVE-2017-2491)"; flow:established, from_server; file_data; content:"0x40000"; content:"0x1000"; content:"0x10000000"; content:"0x7ffff000"; content:"0x80"; content:"0x81"; content:"0x50"; reference:cve, 2017-2491; reference:url, github.com/phoenhex/files/blob/master/exploits/cachedcall-uaf.html; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10001326; rev:1;)

Jul 24, 2025, 5:44 PM

Jul 24, 2025, 5:44 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-attacks.rules