FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.
FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt
The rule is looking for presence of `../` string sequence in CFFILE record of .cab files
The rule alerts when PC tries to download malicious .cab file that can be used to perform local code execution
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2020-1300 |
Loading description
|
Tactic: Execution
Technique: User Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org