SHELLCODE: X86 Microsoft Win32 Export Table Enumeration Variant Detection Over HTTP-CTS

This signature detects payloads transferred over the network that use a variant of x86 Microsoft Win32 export table enumeration. This may indicate an attempt to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Affected Products

Microsoft internet_information_services

References

BugTraq: 4485

CVE: CVE-2002-0079

Short Name
SHELLCODE:X86:WIN32-ENUM-80C
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
SHELLCODE
Keywords
CVE-2002-0079 Detection Enumeration Export HTTP-CTS Microsoft Over Table Variant Win32 X86 bid:4485
Release Date
08/17/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Microsoft
