SID 1:54243

Report a false positive

Rule Category

FILE-MULTIMEDIA -- Snort detected traffic targeting vulnerabilities in multimedia files (mp3, movies, wmv, etc.).

Alert Message

FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt

Rule Explanation

The rule is looking for unique content in mov file that can exploit information disclosure vulnerability CVE-2020-0939

What To Look For

The rule alerts when victim system tries to download malicious mov file that can exploit information disclosure vulnerability CVE-2020-0939

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2020-0939

Additional Links

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0939

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2020-0939
 Loading description

MITRE ATT&CK Framework

Tactic: Collection

Technique: Data from Local System

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org