ATTACK [PTsecurity] MS Edge WScript Command Injection RCE (CVE-2018-8495)

SID: 10003930Rev: 21 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] MS Edge WScript Command Injection RCE (CVE-2018-8495)"; flow:established, from_server; content:"wshfile:"; nocase; http_server_body; fast_pattern; content:".."; distance:0; http_server_body; content:".vbs"; distance:0; nocase; http_server_body; pcre:"/wshfile:[^\x22\x27\s]+(\\|\/)\.\.(\\|\/)[^\x22\x27\s]+\.vbs/Qi"; reference:cve, 2018-8495; reference:url, leucosite.com/Microsoft-Edge-RCE; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10003930; rev:2;)

References

cve	2018-8495
url	leucosite.com/Microsoft-Edge-RCE
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!