""ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M6 (CVE-2023-23397)""
SID: 2044685
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2023_03_16, cve CVE_2023_23397, signature_severity Major, updated_at 2023_04_27, reviewed_at 2023_10_11, former_sid 2853731
Reference:
-
cve
-
2023-23397
Protocol: tcp
Source Network: $SMTP_SERVERS
Source Port: any
Destination Network: any
Destination Port: any
Flow:
Contents:
-
Value: "SQBQAE0ALgBUAGEAcwBrA"
-
Value: "|0d 0a 0d 0a|"
-
Value: "|78 9f 3e 22|" Depth: 4
-
Value: "|00|I|00|P|00|M|00|.|00|T|00|a|00|s|00|k"
-
Value: "|5c|"
Within:
PCRE: "/^\x00?\\x00?[\w.-\x00]+\/R"
Special Options:
-
fast_pattern
-
base64_data