Sneed-Reactivity/yara-mikesxrs/codewatchorg/cve_2013_0422.yar

rule CVE_2013_0422
{
        meta:
                description = "Java Applet JMX Remote Code Execution"
                cve = "CVE-2013-0422"
                ref = "http://pastebin.com/JVedyrCe"
                author = "adnan.shukor@gmail.com"
                date = "12-Jan-2013"
                version = "1"
                impact = 4
                hide = false
        strings:
                $0422_1 = "com/sun/jmx/mbeanserver/JmxMBeanServer" fullword
                $0422_2 = "com/sun/jmx/mbeanserver/JmxMBeanServerBuilder" fullword
                $0422_3 = "com/sun/jmx/mbeanserver/MBeanInstantiator" fullword
                $0422_4 = "findClass" fullword
                $0422_5 = "publicLookup" fullword
                $class = /sun\.org\.mozilla\.javascript\.internal\.(Context|GeneratedClassLoader)/ fullword 
        condition:
                (all of ($0422_*)) or (all of them)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule CVE_2013_0422`
			`{`
			`meta:`
			`description = "Java Applet JMX Remote Code Execution"`
			`cve = "CVE-2013-0422"`
			`ref = "http://pastebin.com/JVedyrCe"`
			`author = "adnan.shukor@gmail.com"`
			`date = "12-Jan-2013"`
			`version = "1"`
			`impact = 4`
			`hide = false`
			`strings:`
			`$0422_1 = "com/sun/jmx/mbeanserver/JmxMBeanServer" fullword`
			`$0422_2 = "com/sun/jmx/mbeanserver/JmxMBeanServerBuilder" fullword`
			`$0422_3 = "com/sun/jmx/mbeanserver/MBeanInstantiator" fullword`
			`$0422_4 = "findClass" fullword`
			`$0422_5 = "publicLookup" fullword`
			`$class = /sun\.org\.mozilla\.javascript\.internal\.(Context\|GeneratedClassLoader)/ fullword`
			`condition:`
			`(all of ($0422_*)) or (all of them)`
			`}`