""ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure obfuscated CVE-2014-6332""

SID: 2019715

Revision: 1

Class Type: attempted-user

Metadata: affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2014_11_15, cve CVE_2014_6332, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2014_11_15, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information

Reference:

  • cve

  • 2014-6332

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: to_client,established

Contents:

  • Value: "vbscript"

  • Value: "Xor"

  • Value: "Execute"

  • Value: "&chr"

  • Value: "UBound"

  • Value: "Cint"

  • Value: "Split"

  • Value: "Mid"

  • Value: "Len"

Within:

PCRE: "/^\W/R"

Special Options:

  • file_data

  • nocase

  • nocase

  • nocase

  • nocase

  • nocase

  • nocase

  • nocase

source