ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length

SID: 2017005Rev: 60 views
History
Sourceet/open
CreatedJune 12, 2013
UpdatedJuly 26, 2019
Classificationattempted-user
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length"; flow:established,to_client; file_data; content:"|89 50 4E 47 0D 0A 1A 0A|"; content:"IHDR"; distance:0; content:"tEXt"; distance:13; byte_test:4,>,2147483647,-8,relative; reference:cve,2013-1331; reference:url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx; classtype:attempted-user; sid:2017005; rev:6; metadata:created_at 2013_06_12, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

cve2013-1331
urlblogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx

Metadata

created at2013_06_12
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!