Yara Rule For CVE-2010-0805

Internet Explorer Tabular Data Control ActiveX Memory Corruption CVE-2010-0805 ported to Metasploit, so I decided to release the detection rule for Yara

rule MSIETabularActivex
{
        meta:
                ref = "CVE-2010-0805"
                impact = 7
                hide = true
        strings:
                $cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword
                $cve20100805_2 = "DataURL" nocase fullword
                $cve20100805_3 = /value\=\"http:\/\/(.*?)\"/ nocase fullword
        condition:
                ($cve20100805_1 and $cve20100805_3) or (all of them)
}

Credit:

  1. ZSploit.com
  2. Metasploit
  3. @d3t0n4t0r

9 Responses to Yara Rule For CVE-2010-0805

  1. xanda, is this just for the IE or can also be added to Mozilla

  2. wey d4rKn19t , so you stupid heh??

  3. hahaha….

  4. Pingback: Ucuz Pratik Hızlı Lezzetli Yemek Tarifleri » Blog Archive » Baharatlı Tuna Salatası

  5. Pingback: Ucuz Pratik Hızlı Lezzetli Yemek Tarifleri » Blog Archive » Gözleme

  6. Pingback: Tweets that mention Yara Rule For CVE-2010-0805 | Xanda's Blog !~! -- Topsy.com

  7. Pingback: Yara (and JSunpack) Rule For C… | Xanda's Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Go to top