21 lines
No EOL
516 B
Text
21 lines
No EOL
516 B
Text
rule exploit_Silverlight_Toropov_Generic_XAP {
|
|
|
|
meta:
|
|
|
|
author = "Kaspersky Lab"
|
|
filetype = "Win32 EXE"
|
|
date = "2015-07-23"
|
|
version = "1.0"
|
|
Reference = "https://securelist.com/blog/research/73255/the-mysterious-case-of-cve-2016-0034-the-hunt-for-a-microsoft-silverlight-0-day/"
|
|
|
|
strings:
|
|
|
|
$b2="Can't find Payload() address" ascii wide
|
|
$b3="/SilverApp1;compoent/App.xaml" ascii wide
|
|
$b4="Can't allocate ums after buf[]" ascii wide
|
|
$b5="------------ START ------------"
|
|
|
|
condition:
|
|
|
|
((2 of ($b*)) )
|
|
} |