ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode - Suricata Rule 2025791 (et/open)

ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode

SID: 2025791Rev: 20 viewsHistory

Sourceet/open

CreatedJuly 6, 2018

UpdatedSeptember 9, 2021

Classificationattempted-user

alert tcp $HOME_NET [445,139] -> any any (msg:"ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode"; flow:from_server; content:"SMB"; offset:4; depth:5; byte_test:1,&,0x80,7,relative; content:"p|00|u|00|i|00|f|00|r|00|a|00|m|00|e|00|w|00|o|00|r|00|k|00|p|00|r|00|o|00|r|00|e|00|s|00|e|00|n|00|u|00 2E 00|d|00|l|00|l|00|"; nocase; distance:0; reference:cve,2018-12589; reference:url,exploit-db.com/exploits/44985; classtype:attempted-user; sid:2025791; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_07_06, cve CVE_2018_12589, deployment Perimeter, signature_severity Informational, updated_at 2021_09_09;)

References

cve	2018-12589
url	exploit-db.com/exploits/44985

Metadata

attack targetClient_Endpoint

created at2018_07_06

cveCVE-2018-12589

deploymentPerimeter

signature severityInformational

updated at2021_09_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!