""ET WEB_CLIENT IE Double Free (CVE-2018-8460)""

SID: 2026531

Revision: 2

Class Type: attempted-user

Metadata: affected_product Internet_Explorer, attack_target Client_Endpoint, created_at 2018_10_23, cve CVE_2018_8460, deployment Perimeter, updated_at 2018_10_23

Reference:

• cve

• 2018-8460

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: to_client,established

Contents:

• Value: "<script"

• Value: "CreateElement"

• Value: "cssText"

• Value: "DOMAttrModified"

• Value: "addEventListener"

Within:

PCRE: "/(?P[^\s]{1,25})\s=\sdocument\s.\screateElement.?(?P[^\s]{1,25})\s=\sfunction\s\x28\se\s\x29\s{[^}]this\s.\sstyle\s.\scssText.?(?P=obj)\s.\saddEventListener\s\x28\s[\x22\x27]\sDOMAttrModified\s[\x22\x27]\s\x2c\s*(?P=func)/si"

Special Options:

• file_data

• nocase

• nocase

• nocase

• fast_pattern

• nocase

• nocase

source