ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M7 (CVE-2023-23397)

SID: 2044686
Rev: 3
Source: et/open
Created: March 16, 2023
Updated: April 27, 2023
Classification: attempted-admin
alert smtp $SMTP_SERVERS any -> any any (msg:"ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M7 (CVE-2023-23397)"; content:"SQBQAE0ALgBNAGkAYwByAG8AcwBvAGYAdAAgAE0AYQBpAGwALgBOAG8AdABlA"; fast_pattern; content:"|0d 0a 0d 0a|"; base64_decode:offset 0,relative; base64_data; content:"|78 9f 3e 22|"; startswith; content:"I|00|P|00|M|00|.|00|M|00|i|00|c|00|r|00|o|00|s|00|o|00|f|00|t|00 20 00|M|00|a|00|i|00|l|00|.|00|N|00|o|00|t|00|e"; content:"|5c|"; pcre:"/^\x00?\\\x00?[\w\.\-\x00]+\\/R"; reference:url,msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397; reference:cve,2023-23397; classtype:attempted-admin; sid:2044686; rev:3; metadata:created_at 2023_03_16, cve CVE_2023_23397, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853732;)

Metadata

created at: 2023_03_16
confidence: Medium
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2023_04_27
reviewed at: 2023_10_11
former sid: 2853732
