Snort_AIPreproc/corr_rules/1-15384-3.xml

15 lines
540 B
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hyperalert PUBLIC "-//blacklight//DTD HYPERALERT SNORT MODEL//EN" "http://0x00.ath.cx/hyperalert.dtd">
<hyperalert>
<snort-id>1.15384.3</snort-id>
<desc>WEB-CLIENT Apple QuickTime pict image poly structure memory corruption attempt</desc>
<pre>HostExists(+DST_ADDR+)</pre>
<pre>HasService(+DST_ADDR+, +DST_PORT+)</pre>
<pre>HasHttpInfo(+SRC_ADDR+, +DST_ADDR+)</pre>
<pre>HasFileInfo(+SRC_ADDR+, +DST_ADDR+)</pre>
<post>HasRemoteAccess(+SRC_ADDR+, +DST_ADDR+)</post>
</hyperalert>