Signature Detail
Short Name |
SHELLCODE:MSF:FTENV-SMB1 |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
SHELLCODE |
Keywords |
Windows Execution (x86/fnstenv_mov) Shellcode (SMB-CTS1) |
Release Date |
2011/04/19 |
Update Number |
1904 |
Supported Platforms |
idp-4.1.110110609+, isg-3.4.139899+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SHELLCODE: Windows Execution (x86/fnstenv_mov) Shellcode (SMB-CTS1)
This signature detects shell code being sent as part of an exploit payload, specifically the Windows Execution shell, using the variable-length fnstenv/mov dword XOR encoder (x86/fnstenv_mov). This is a strong indication of malicious activity on your network.
References
- BugTraq: 14513
- CVE: CVE-2005-1983
- URL: http://www.metasploit.com/modules/encoder/x86/fnstenv_mov