ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M8 (CVE-2023-23397)

SID: 2044687Rev: 34 viewsHistory

Sourceet/open

CreatedMarch 16, 2023

UpdatedApril 27, 2023

Classificationattempted-admin

alert smtp $SMTP_SERVERS any -> any any (msg:"ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M8 (CVE-2023-23397)"; content:"SVBNLk1pY3Jvc29mdCBNYWlsLk5vdG"; fast_pattern; content:"|0d 0a 0d 0a|"; base64_decode:offset 0,relative; base64_data; content:"|78 9f 3e 22|"; startswith; content:"IPM.Microsoft|20|Mail.Note"; content:"|5c|"; pcre:"/^\x00?\\\x00?[\w\.\-\x00]+\\/R"; reference:url,msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397; reference:cve,2023-23397; classtype:attempted-admin; sid:2044687; rev:3; metadata:created_at 2023_03_16, cve CVE_2023_23397, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853733;)

References

url	msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
cve	2023-23397

Metadata

created at2023_03_16

cveCVE-2023-23397

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2023_04_27

reviewed at2023_10_11

former sid2853733

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!