""ET DOS Microsoft Windows LSASS Remote Memory Corruption (CVE-2017-0004)""
SID: 2023497
Revision: 3
Class Type: attempted-dos
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2016_11_11, cve CVE_2017_0004, deployment Perimeter, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2017_03_23
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 445
Flow: established,to_server
Contents:
-
Value: "|FF|SMB|73|" Depth: 5 Offset: 4
-
Value: "|ff 00|"
-
Value: "|84|"
-
Value: "NTLMSSP"
Within: 64
PCRE:
Special Options:
- fast_pattern