ET WEB_CLIENT Possible IE10 Use After Free CVE-2014-0322

SID: 2018147Rev: 40 views
History
Sourceet/open
CreatedFebruary 15, 2014
UpdatedJanuary 19, 2023
Classificationattempted-user
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible IE10 Use After Free CVE-2014-0322"; flow:established,to_client; file_data; content:"onpropertychange"; nocase; fast_pattern; content:".outerHTML"; pcre:"/^\s*?=\s*?[^\s]+?\.outerHTML/Rsi"; content:"appendChild"; nocase; content:"getElementsByTagName"; nocase; pcre:"/^\s*?\(\s*?[\x22\x27]script[\x22\x27].+?\s(?P<vname>[^\s]+)\.onpropertychange\s*=.+?\s(?P<vname2>[^\s\x3d]+)\s*?=\s*?[^\s]*?createElement\s*?\(\s*?[\x22\x27]select[\x22\x27].+?(?P=vname)\.appendChild\(\s*?[\x22\x27]?(?P=vname2)[\x22\x27]?/Rsi"; reference:cve,2014-0322; classtype:attempted-user; sid:2018147; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_and_Server, created_at 2014_02_15, deployment Perimeter, deployment Internal, deprecation_reason Age, confidence Low, signature_severity Major, tag Web_Client_Attacks, tag CISA_KEV, updated_at 2023_01_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)

References

cve2014-0322

Metadata

affected productWeb_Browser_Plugins
attack targetClient_and_Server
created at2014_02_15
deploymentInternal
deprecation reasonAge
confidenceLow
signature severityMajor
tagCISA_KEV
updated at2023_01_19
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1189
mitre technique nameDrive_by_Compromise

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!