""ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M2 (CVE-2023-23397)""
SID: 2044681
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2023_03_16, cve CVE_2023_23397, signature_severity Major, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853727
Reference:
-
cve
-
2023-23397
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: [$HOME_NET,$SMTP_SERVERS]
Destination Port: [25,465,587,2525]
Flow:
Contents:
-
Value: "SVBNLk1pY3Jvc29mdCBNYWlsLk5vdG"
-
Value: "|0d 0a 0d 0a|"
-
Value: "|78 9f 3e 22|" Depth: 4
-
Value: "IPM.Microsoft|20|Mail.Note"
-
Value: "|5c|"
Within:
PCRE: "/^\x00?\\x00?[\w.-\x00]+\/R"
Special Options:
-
fast_pattern
-
base64_data