""ET EXPLOIT Possible Android Stagefright MP4 CVE-2015-1538 - Shell""

SID: 2021757

Revision: 1

Class Type: attempted-user

Metadata: created_at 2015_09_10, cve CVE_2015_1538, updated_at 2015_09_10

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

• Value: "|00 00 00 18 66 74 79 70|mp4"

• Value: "/system/bin/sh"

Within: 13

PCRE:

Special Options:

• file_data

source