""ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M4 (CVE-2023-23397)""
SID: 2044683
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2023_03_16, cve CVE_2023_23397, signature_severity Major, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853729
Reference:
-
cve
-
2023-23397
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: [$HOME_NET,$SMTP_SERVERS]
Destination Port: [25,465,587,2525]
Flow:
Contents:
-
Value: "SQBQAE0ALgBNAGkAYwByAG8AcwBvAGYAdAAgAE0AYQBpAGwALgBOAG8AdABlA"
-
Value: "|0d 0a 0d 0a|"
-
Value: "|78 9f 3e 22|" Depth: 4
-
Value: "I|00|P|00|M|00|.|00|M|00|i|00|c|00|r|00|o|00|s|00|o|00|f|00|t|00 20 00|M|00|a|00|i|00|l|00|.|00|N|00|o|00|t|00|e"
-
Value: "|5c|"
Within:
PCRE: "/^\x00?\\x00?[\w.-\x00]+\/R"
Special Options:
-
fast_pattern
-
base64_data