""ET EXPLOIT LibreOffice pydoc RCE Inbound (CVE-2018-16858)""
SID: 2033456
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2021_07_27, cve CVE_2018_16858, updated_at 2021_07_27
Reference:
-
cve
-
2018-16858
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: from_server,established
Contents:
-
Value: "<office|3a|document" Depth: 100
-
Value: "<office|3a|"
-
Value: "<script|3a|"
-
Value: "|2f|pydoc.py|24|tempfilepager"
Within:
PCRE:
Special Options:
-
file_data
-
fast_pattern