Internet Explorer Tabular Data Control ActiveX Memory Corruption CVE-2010-0805 ported to Metasploit, so I decided to release the detection rule for Yara
rule MSIETabularActivex
{
meta:
ref = "CVE-2010-0805"
impact = 7
hide = true
strings:
$cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword
$cve20100805_2 = "DataURL" nocase fullword
$cve20100805_3 = /value\=\"http:\/\/(.*?)\"/ nocase fullword
condition:
($cve20100805_1 and $cve20100805_3) or (all of them)
} |
rule MSIETabularActivex
{
meta:
ref = "CVE-2010-0805"
impact = 7
hide = true
strings:
$cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword
$cve20100805_2 = "DataURL" nocase fullword
$cve20100805_3 = /value\=\"http:\/\/(.*?)\"/ nocase fullword
condition:
($cve20100805_1 and $cve20100805_3) or (all of them)
}
Credit:
- ZSploit.com
- Metasploit
- @d3t0n4t0r