""ET EXPLOIT Possible Android Stagefright MP4 (CVE 2016-3861) ROP""

SID: 2023185

Revision: 1

Class Type: attempted-user

Metadata: affected_product Android, attack_target Client_Endpoint, created_at 2016_09_12, cve CVE_2016_3861, deployment Perimeter, performance_impact Low, signature_severity Major, tag Android_Exploit, updated_at 2016_09_12

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

  • Value: "ID3"

  • Value: !"|FF|"

  • Value: "|41 d8 41 d8 41 dc 41 d8 41 d8 41 dc|"

Within: 800

PCRE: "/^(\x41\xd8\x41\xd8\x41\xdc){2,}\x41\x00/R"

Special Options:

  • fast_pattern
