""ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M1 (CVE-2019-0752)""
SID: 2027721
Revision: 2
Class Type: attempted-admin
Metadata: affected_product Internet_Explorer, attack_target Client_Endpoint, created_at 2019_07_17, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2019_07_17
Reference:
-
cve
-
CVE-2019-0752
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "200"
-
Value: "Content-Type|3a 20|text/html"
-
Value: "<script language=|22|"
-
Value: "VBScript"
-
Value: "|2e|scrollLeft"
-
Value: "|26|h4003|09 27 20|VT_BYREF|20 7c 20|VT_I4"
-
Value: "|28 28 28 28 5c 2e 2e 5c|"
-
Value: "Powershell"
-
Value: "|26|h40|2c 20 22 23 3e 24|"
Within: 400
PCRE:
Special Options:
-
http_stat_code
-
http_header
-
file_data
-
nocase
-
fast_pattern
-
nocase