SHELLCODE: X86 fldz GET EIP Over HTTP-STC
This signature detects payloads being transferred over network that have been using x86 fldz get eip. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Extended Description
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
Affected Products
Coolplayer coolplayer
References
BugTraq: 39070 30418 24330 22100
CVE: CVE-2007-2864
URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html http://www.anspi.pl/~porkythepig/visualization/cnt-expl1.cpp http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp http://www.zerodayinitiative.com/advisories/zdi-07-035.html
Short Name
SHELLCODE:X86:FLDZ-GET-EIP-80S
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
SHELLCODE
Keywords
CVE-2007-0352 CVE-2007-2864 CVE-2008-3408 CVE-2010-0839 EIP GET HTTP-STC Over X86 bid:22100 bid:24330 bid:30418 bid:39070 fldz
Release Date
08/17/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3709
False Positive
Unknown
Vendors
Coolplayer