ET PHISHING Microsoft Windows Contacts Syslink Control href Attribute Escape (CVE-2022-44666)

SID: 2058433Rev: 168 views

Sourceet/open

CreatedDecember 20, 2024

UpdatedDecember 20, 2024

Classificationsocial-engineering

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Microsoft Windows Contacts Syslink Control href Attribute Escape (CVE-2022-44666)"; flow:established,to_client; file_data; content:"BEGIN:VCARD"; fast_pattern; pcre:"/\x0a(?:EMAIL|URL)\x3b[^\x20\x0a]*?\x20href\x3d/"; reference:url,github.com/j00sean/CVE-2022-44666; reference:cve,2022-44666; classtype:social-engineering; sid:2058433; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_12_20, cve CVE_2022_44666, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Phishing, tag Exploit, updated_at 2024_12_20, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing; target:dest_ip;)

References

url	github.com/j00sean/CVE-2022-44666
cve	2022-44666

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2024_12_20

cveCVE-2022-44666

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagExploit

updated at2024_12_20

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1566

mitre technique namePhishing

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!