MS Word RTF parsing vulnerability detection rules

CVE-2010-1901

alert tcp any any -> any any (flow:established; content:"datafield"; pcre:"/\x5cdatafield\s?\x5c(emf|png|jpeg)blip/i";)

CVE-2010-1902

alert tcp any any -> any any (flow:established; content:"dpcallout"; pcre:"/\x5cdpcallout\s?\x5cdppolyline/i";)
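
A small regression harness for the two rules above, added here as an example and not part of the original post. It models each rule as its content match followed by its pcre on a single buffer; the RTF fragments and the names matching_rules, RULES and SAMPLES are constructed for illustration.

```python
import re

# The page's two rules, reduced to what Snort checks on one inspected buffer:
# a case-sensitive content match (no nocase modifier) and then the pcre.
RULES = {
    "CVE-2010-1901": (b"datafield",
        re.compile(rb"\x5cdatafield\s?\x5c(emf|png|jpeg)blip", re.I)),
    "CVE-2010-1902": (b"dpcallout",
        re.compile(rb"\x5cdpcallout\s?\x5cdppolyline", re.I)),
}

def matching_rules(payload: bytes) -> list:
    """Return the labels of the rules whose content and pcre both match."""
    return [label for label, (content, pcre) in RULES.items()
            if content in payload and pcre.search(payload)]

# Constructed RTF fragments for regression-testing the rules (not real samples).
SAMPLES = {
    # \datafield directly followed by a *blip control word: rule 1 fires
    "datafield_space_pngblip": rb"{\rtf1 {\datafield \pngblip 0000}}",
    "datafield_emfblip": rb"{\rtf1 {\datafield\emfblip}}",
    # \dpcallout directly followed by \dppolyline: rule 2 fires
    "dpcallout_dppolyline": rb"{\rtf1 {\do\dpcallout\dppolyline}}",
    # Ordinary embedded picture, no \datafield: nothing fires
    "picture_only": rb"{\rtf1 {\pict\pngblip\picw10\pich10 89504e47}}",
    # content matches but pcre does not (\datafield followed by hex data)
    "datafield_hex_only": rb"{\rtf1 {\object{\*\datafield 0102}}}",
    # pcre /i would match, but the case-sensitive content check does not
    "uppercase_control_words": rb"{\RTF1 {\DATAFIELD \PNGBLIP}}",
}

def run_samples() -> dict:
    """Evaluate every constructed sample and return {name: [rule labels]}."""
    return {name: matching_rules(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:26} -> {hits or 'no alert'}")
```

The last sample shows that the /i flag on the pcre has no effect on alerting as long as the content keyword has no nocase modifier.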
