ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350)

SID: 2030533Rev: 40 viewsHistory

Sourceet/open

CreatedJuly 14, 2020

UpdatedJuly 16, 2020

Classificationattempted-admin

alert tcp any 53 -> any any (msg:"ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350)"; flow:established,from_server; byte_test:2,>=,0xfeea,0; content:"|00 00 18|"; within:76; content:"|00 00 18|"; distance:12; within:64; fast_pattern; content:"|c0|"; distance:2; within:1; content:"|00 18|"; distance:1; within:2; reference:cve,2020-1350; reference:url,research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/; classtype:attempted-admin; sid:2030533; rev:4; metadata:affected_product Windows_DNS_server, created_at 2020_07_14, cve CVE_2020_1350, performance_impact Significant, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_07_16;)

References

cve	2020-1350
url	research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

Metadata

affected productWindows_DNS_server

created at2020_07_14

cveCVE-2020-1350

performance impactSignificant

confidenceMedium

signature severityCritical

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_07_16

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!