ET EXPLOIT Microsoft Office Spoofing to HTTP Redirect Inbound (CVE-2024-38200)

SID: 2056375Rev: 133 views

Sourceet/open

CreatedOctober 1, 2024

UpdatedOctober 1, 2024

Classificationbad-unknown

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Microsoft Office Spoofing to HTTP Redirect Inbound (CVE-2024-38200)"; flow:established,to_client; http.content_type; pcre:"/^(?:application\x2fjavascript|text\x2fhtml)$/"; http.response_body; content:"|7c|u|7c|http"; fast_pattern; pcre:"/ms-(?:word|powerpoint|excel|visio|access|project|publisher|spd|infopath)\x3a(?:of(?:e|v)|nft)\x7cu\x7chttps?\x3a\x2f{2}/i"; content:!"|2e|office|2e|net|2f|"; reference:url,github.com/passtheticket/CVE-2024-38200; reference:cve,2024-38200; classtype:bad-unknown; sid:2056375; rev:1; metadata:affected_product MS_Office, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_10_01, cve CVE_2024_38200, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2024_10_01; target:dest_ip;)

References

url	github.com/passtheticket/CVE-2024-38200
cve	2024-38200

Metadata

affected productMS_Office

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2024_10_01

cveCVE-2024-38200

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagExploit

updated at2024_10_01

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!