CVE-2003-0995
published 2004-01-05CVE-2003-0995: Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration…
PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
10.04%
95.0th percentile
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL NETBIOS SMB msqueue unicode little endian bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue unicode little endian bind attempt
GPL NETBIOS SMB msqueue unicode little endian bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue unicode little endian bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; refe
Suricata
GPL NETBIOS SMB msqueue little endian andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue little endian andx bind attempt
GPL NETBIOS SMB msqueue little endian andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue little endian andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference
Suricata
GPL NETBIOS DCERPC msqueue bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS DCERPC msqueue bind attempt
GPL NETBIOS DCERPC msqueue bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC msqueue bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|05|"; depth:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx; classtype:protocol-command-decode; sid:2103156; rev:6; metadata:created_at 2010_09_23, cve CVE_2003_0995, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,128,20,r
Suricata
GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt
GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|05|"; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx; classtype:attempted-admin; sid:2103159; rev:4; metadata:created_at 2010_09_23, cve CVE_2003_0995, confidence Medium, signature_severity Informational, updated_at 2019_07_26;)
Suricata
GPL NETBIOS SMB-DS msqueue unicode bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue unicode bind attempt
GPL NETBIOS SMB-DS msqueue unicode bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue unicode bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microso
Suricata
GPL NETBIOS DCERPC msqueue little endian bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS DCERPC msqueue little endian bind attempt
GPL NETBIOS DCERPC msqueue little endian bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC msqueue little endian bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|05|"; depth:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx; classtype:protocol-command-decode; sid:2103157; rev:6; metadata:created_at 2010_09_23, cve CVE_2003_0995, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, upda
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microso
Suricata
GPL NETBIOS SMB msqueue unicode little endian andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue unicode little endian andx bind attempt
GPL NETBIOS SMB msqueue unicode little endian andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue unicode little endian andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 8
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,256,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD2
Suricata
GPL NETBIOS SMB-DS msqueue bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue bind attempt
GPL NETBIOS SMB-DS msqueue bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-0
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; di
Suricata
GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt
GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,128,20,relativ
Suricata
GPL NETBIOS SMB-DS msqueue little endian bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue little endian bind attempt
GPL NETBIOS SMB-DS msqueue little endian bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue little endian bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/techn
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within:2; distance:19; byte_test:4,>,256,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD2003091
Suricata
GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt
GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|05|"; depth:1; byte_test:1,&,16,3,relative; content:"|00|"; offset:1; depth:1; content:"|01 00|"; distance:19; within:2; byte_test:4,>,128,20,relative,little; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx; classtype:attempted-admin; sid:2103158; rev:8; metadata:created_at 2010_09_23, cve CVE_2003_0995, confidence Medium, signature_severity Informational, updated_at 2022_04_18;)
Suricata
GPL NETBIOS SMB msqueue bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue bind attempt
GPL NETBIOS SMB msqueue bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.msp
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/
Suricata
GPL NETBIOS SMB msqueue little endian bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue little endian bind attempt
GPL NETBIOS SMB msqueue little endian bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue little endian bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/sec
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bul
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,256,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.m
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|01 00|"; within
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003-0995;
Suricata
GPL NETBIOS SMB-DS msqueue andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue andx bind attempt
GPL NETBIOS SMB-DS msqueue andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; refer
Suricata
GPL NETBIOS SMB-DS msqueue unicode andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue unicode andx bind attempt
GPL NETBIOS SMB-DS msqueue unicode andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue unicode andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; dist
Suricata
GPL NETBIOS SMB msqueue unicode andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue unicode andx bind attempt
GPL NETBIOS SMB msqueue unicode andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue unicode andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:2
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:
Suricata
GPL NETBIOS SMB msqueue andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue andx bind attempt
GPL NETBIOS SMB msqueue andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:u
Suricata
GPL NETBIOS SMB msqueue unicode bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB msqueue unicode bind attempt
GPL NETBIOS SMB msqueue unicode bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB msqueue unicode bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,128,20,relative; reference:cve,2003
Suricata
GPL NETBIOS SMB-DS msqueue little endian andx bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue little endian andx bind attempt
GPL NETBIOS SMB-DS msqueue little endian andx bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue little endian andx bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,!&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; ref
Suricata
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt
GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,256,20,relative; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url
Suricata
GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt
GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html
Suricata
GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt
GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.msqueue; content:"|00|"; depth:1; content:"|FF|SMB"; within:4; distance:3; pcre:"/^(\x75|\x2d|\x2f|\x73|\xa2|\x2e|\x24|\x74)/sR"; byte_test:1,&,128,6,relative; content:"%"; depth:1; offset:39; byte_jump:2,0,little,relative; content:"&|00|"; within:2; distance:29; content:"|5C 00|P|00|I|00|P|00|E|00 5C 00 00 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; content:"|05|"; distance:4; within:1; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 01|"; within:2; distance:19; byte_test:4,>,25
No public exploits indexed.
No writeups or analysis indexed.
2004-01-05
Published