""ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve""

SID: 2019842

Revision: 4

Class Type: attempted-user

Metadata: affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2014_12_03, cve CVE_2014_6332, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_03_21

Reference:

  • cve

  • 2014-6332

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: !"Content-Type|3a 20|text/xml|0d 0a|"

  • Value: !"Content-Type|3a 20|application/xml|0d 0a|"

  • Value: "preserve"

  • Value: "redim "

Within:

PCRE: "/^\s?Preserve\s?(?P[a-z]\w{0,254}+)\s?\x28\s?[^\x29]+?\x29.?redim\s?Preserve\s*?(?P=var1)/Rsi"

Special Options:

  • http_header

  • http_header

  • file_data

  • nocase

  • nocase

  • fast_pattern

source