SHELLCODE: Metasploit x86/unicode_mixed Encoder Routine Over HTTP-CTS

This signature detects payloads transferred over the HTTP protocol (client-to-server) that have been encoded with the Metasploit x86/unicode_mixed encoder routine. Such traffic may indicate an attempt to evade anti-virus/IPS inspection and deliver malicious code.

Extended Description

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Short Name
SHELLCODE:X86:UNICODE-MIXED-80C
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
SHELLCODE
Keywords
CVE-2017-7269 Encoder HTTP-CTS Metasploit Over Routine x86/unicode_mixed
Release Date
07/21/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3415
False Positive
Unknown
CVSS Score
10.0