12-29-2005 11:36 AM - edited 03-10-2019 01:49 AM
Based on bleeding snort sid, this is what I've got, but it doesn't seem to be working:
wmf exploit file:
\x01\x00\x09\x00\x00\x03.{10}\x00\x00.{0, 5000}\x26\x06\x09\x00
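One thing worth checking in a pattern like the one above, shown as an added example that is not part of the original post: in Python's `re` engine (an assumption here; the sensor's regex engine may behave differently) the space in `{0, 5000}` stops it from parsing as a quantifier, and `.` skips newline bytes unless DOTALL is set. The sample input and the helper names `build_sample` and `fires` are constructed for this illustration.

```python
import re

# Pattern exactly as posted (note the space inside the braces).
POSTED = rb"\x01\x00\x09\x00\x00\x03.{10}\x00\x00.{0, 5000}\x26\x06\x09\x00"
# Same pattern with the space removed, so {0,5000} is a bounded repeat.
FIXED = rb"\x01\x00\x09\x00\x00\x03.{10}\x00\x00.{0,5000}\x26\x06\x09\x00"


def build_sample(filler: bytes) -> bytes:
    """Constructed, inert test input: the 6 leading bytes from the pattern,
    10 arbitrary bytes, two zero bytes, filler, then the 4 trailing marker
    bytes. It carries no payload and is not a renderable WMF file."""
    return (b"\x01\x00\x09\x00\x00\x03" + b"A" * 10 + b"\x00\x00"
            + filler + b"\x26\x06\x09\x00")


def fires(pattern: bytes, data: bytes, dotall: bool = True) -> bool:
    """Return True if the pattern matches anywhere in the byte stream."""
    flags = re.DOTALL if dotall else 0
    return re.search(pattern, data, flags) is not None


def report() -> dict:
    """Run both patterns over the edge cases and collect the outcomes."""
    plain = build_sample(b"B" * 100)
    return {
        # With the space, re treats "{0, 5000}" as literal text: no match.
        "posted_on_plain": fires(POSTED, plain),
        "fixed_on_plain": fires(FIXED, plain),
        # The posted form only matches data containing that literal text.
        "posted_on_literal": fires(POSTED, build_sample(b"X{0, 5000}")),
        # Binary data often contains 0x0A; '.' skips it without DOTALL.
        "fixed_newlines_no_dotall": fires(FIXED, build_sample(b"\n" * 4), dotall=False),
        "fixed_newlines_dotall": fires(FIXED, build_sample(b"\n" * 4)),
        # The gap is bounded: 5000 filler bytes match, 5001 do not.
        "fixed_gap_5000": fires(FIXED, build_sample(b"B" * 5000)),
        "fixed_gap_5001": fires(FIXED, build_sample(b"B" * 5001)),
    }


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```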
12-29-2005 01:45 PM
Signature 5693-1 which was released in S210 addresses this vulnerability.
01-04-2006 07:49 AM
I installed release S211 (modified 5693-1 signature) and attempted to download a WMF file across the sensor, but the signature did not fire. What causes the WMF signature to fire?
01-04-2006 08:06 AM
This signature fires upon detecting a malicious WMF file downloaded from a web server running on a port specified in the #WEBPORTS variable.