POLICY-OTHER file URI scheme attempt
This rule searches for `file://` in the file_data buffer and alerts if the pattern is found. Apple Safari before 5.1.1 did not enforce an intended policy for 'file:' URLs, which allowed remote attackers to execute arbitrary code via a crafted web site.
This rule alerts when a URI scheme containing the 'file://' prefix is detected.
No public information
Known false positives, with the described conditions
This rule does not account for valid use cases of the 'file://' URI scheme.
Cisco Talos Intelligence Group
No rule groups
Memory Corruption
Memory Corruption is any vulnerability that allows the modification of the content of memory locations in a way not intended by the developer. The results of memory corruption are inconsistent: they could lead to fatal errors and system crashes or to data leakage, and some have no effect at all.
CVE-2011-3230
Tactic: Initial Access
Technique: Drive-by Compromise
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org