ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4
Source: et/open
Created: June 30, 2016
Updated: April 11, 2024
Classification: attempted-admin
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toserver M4"; flow:established,to_server; content:"Content-Type|3a 20|"; nocase; content:"name"; nocase; isdataat:78,relative; pcre:"/^\s*=\s*[\x22\x27][^\x22\x27\r\n]{78}/R"; content:"|58 35 4f 21 50 25 40 41 50 5b 34 5c 50 5a 58 35 34 28 50 5e 29 37 43 43 29 37 7d 24 45 49 43 41 52 2d|"; reference:url,bugs.chromium.org/p/project-zero/issues/detail?id=823&q=; classtype:attempted-admin; sid:2022938; rev:3; metadata:created_at 2016_06_30, deprecation_reason Relevance, confidence Medium, signature_severity Major, updated_at 2024_04_11, reviewed_at 2024_04_11;)
Metadata
created at: 2016_06_30
deprecation reason: Relevance
confidence: Medium
signature severity: Major
updated at: 2024_04_11
reviewed at: 2024_04_11