Posted: April 21st, 2010 | Author: xanda | Filed under: IT Related | Tags: 0day, Deployment Toolki, java, jsunpack, yara | No Comments »
rule JavaDeploymentToolkit
{
meta:
ref = "CVE-2010-0887"
impact = 7
strings:
$cve20100887_1 = "CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" nocase fullword
$cve20100887_2 = "document.createElement(\"OBJECT\")" nocase fullword
$cve20100887_3 = "application/npruntime-scriptable-plugin;deploymenttoolkit" nocase fullword
$cve20100887_4 = "application/java-deployment-toolkit" nocase fullword
$cve20100887_5 = "document.body.appendChild(" nocase fullword
$cve20100887_6 = /.*?.launch\(.*?\)/
$cve20100887_7 = "-J-jar -J" nocase fullword
condition:
3 of them
} |
rule JavaDeploymentToolkit
{
meta:
ref = "CVE-2010-0887"
impact = 7
strings:
$cve20100887_1 = "CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" nocase fullword
$cve20100887_2 = "document.createElement(\"OBJECT\")" nocase fullword
$cve20100887_3 = "application/npruntime-scriptable-plugin;deploymenttoolkit" nocase fullword
$cve20100887_4 = "application/java-deployment-toolkit" nocase fullword
$cve20100887_5 = "document.body.appendChild(" nocase fullword
$cve20100887_6 = /.*?.launch\(.*?\)/
$cve20100887_7 = "-J-jar -J" nocase fullword
condition:
3 of them
}