SHELLCODE: X86 OS agnostic Dword Additive Feedback Decoder Routine Over TCP-STC

This signature detects payloads transferred over the network that have been encoded using the x86 dword additive feedback decoder routine. This may indicate that someone is trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.

Affected Products

Att winvnc

References

CVE: CVE-2001-0167

Short Name
SHELLCODE:X86:DWORD-ADITIVE-STC
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
SHELLCODE
Keywords
Additive CVE-2001-0167 Decoder Dword Feedback OS Over Routine TCP-STC X86 agnostic
Release Date
08/12/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
Port
TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors

Att

CVSS Score

7.6
