alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Safari 10.0.3 UAF RCE (CVE-2017-2491)"; flow:established, from_server; file_data; content:"RegExp"; content:".repeat"; within:25; content:".repeat"; within:50; content:".repeat"; within:50; content:"ArrayBuffer"; within:100; content:"Uint8Array"; within:50; content:"Float64Array"; within:50; content:"jsCellHeader"; distance:0; content:"butterfly"; distance:0; reference:cve, 2017-2491; reference:url, github.com/phoenhex/files/blob/master/exploits/cachedcall-uaf.html; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001322; rev:2;)