Yara Rule For CVE-2010-0805
Posted: April 6th, 2010 | Author: xanda | Filed under: IT Related | Tags: ActiveX, CVE-2010-0805, detection, internet explorer, jsunpack, Tabular Data Control, yara | 9 Comments »Internet Explorer Tabular Data Control ActiveX Memory Corruption CVE-2010-0805 ported to Metasploit, so I decided to release the detection rule for Yara
rule MSIETabularActivex { meta: ref = "CVE-2010-0805" impact = 7 hide = true strings: $cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword $cve20100805_2 = "DataURL" nocase fullword $cve20100805_3 = /value\=\"http:\/\/(.*?)\"/ nocase fullword condition: ($cve20100805_1 and $cve20100805_3) or (all of them) } |
Credit:
xanda, is this just for the IE or can also be added to Mozilla
wey d4rKn19t , so you stupid heh??
hahaha….
@landak
hahaha
[…] Yara Rule For CVE-2010-0805 | Xanda's Blog !~! […]
[…] Yara Rule For CVE-2010-0805 | Xanda's Blog !~! […]
[…] This post was mentioned on Twitter by xanda. xanda said: Yara (and JSunpack) Rule For CVE-2010-0805 http://blog.xanda.org/2010/04/06/yara-rule-for-cve-2010-0805/ […]
=.=!!!
[…] (and JSunpack) Rule For CVE-2010-0805 http://blog.xanda.org/2010/04/06/yara-rule-for-cve-2010-0805/ […]