JohnGalt14

CVE-2013-3660 EPATHOBJ Exploit Code YARA Signatures

Jun 14th, 2013
// Matches only when all three developer name/handle strings are present.
rule Windows_0day_Exploit_Developers_1 {
    meta:
        description = "Windows 0day EPATHOBJ local ring0 Exploit - Developer Names"
        score = 60
    strings:
        $a = "taviso" fullword
        $b = "cmpxchg8b" fullword
        $c = "programmeboy" fullword
    condition:
        all of them
}

// Matches only when all five GDI path/region identifiers are present.
rule Windows_0day_Exploit_1 {
    meta:
        description = "Windows 0day EPATHOBJ local ring0 Exploit"
        score = 70
    strings:
        $a = "PATHRECORD" fullword
        $b = "HRGN" fullword
        $c = "FlattenPath" fullword
        $d = "EndPath" fullword
        $e = "PolyDraw" fullword
    condition:
        all of them
}