OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This category covers attacks against the OS itself; it does not include browser traffic or other software running on the OS.
OS-WINDOWS Microsoft Windows Theme code execution attempt
The rule detects a .theme file that includes a remote theme visual file, which can be set up as an exploit to gain execution on the victim machine. A .theme file is a plaintext INI file.
An attempt to gain code execution via a crafted Windows theme file that points to an attacker-controlled SMB server.
Public information/Proof of Concept available
Known false positives, with the described conditions
It is possible that a plaintext file could be crafted that matches this rule. The most likely scenario is a plaintext file that discusses this vulnerability and includes an exact copy of the public PoC.
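The same condition can be checked on a file at rest. This added example is not the Snort rule's logic or Talos code: it reads theme text as INI and reports every value that names a UNC path or a file:// URL with a host. The sample themes, the `[VisualStyles]`/`Path` names and the 198.51.100.7 documentation address are constructed assumptions, since the page does not say which key the rule matches.

```python
import re

SECTION_RE = re.compile(r'^\[([^\]]+)\]')
# A UNC path (\\host\share or //host/share) or a file:// URL that names a host.
REMOTE_RE = re.compile(r'^"?(?:(?:\\\\|//)[^\\/\s]+[\\/]\S|file://[^/\s])', re.IGNORECASE)


def find_remote_refs(theme_text):
    """Return (section, key, value) for each INI value that points off-host."""
    section, hits = None, []
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or INI comment
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep and REMOTE_RE.match(value.strip()):
            hits.append((section, key.strip(), value.strip()))
    return hits


# Constructed samples (assumption: section and key names follow the usual
# Windows theme layout; 198.51.100.7 is a documentation-only address).
LOCAL_THEME = r"""
; constructed benign theme
[Theme]
DisplayName=Example
[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
[VisualStyles]
Path=%SystemRoot%\resources\Themes\Aero\Aero.msstyles
"""
REMOTE_THEME = LOCAL_THEME.replace(
    r"Path=%SystemRoot%\resources\Themes\Aero\Aero.msstyles",
    r"Path=\\198.51.100.7\share\example.msstyles",
)

if __name__ == "__main__":
    for name, text in (("local", LOCAL_THEME), ("remote", REMOTE_THEME)):
        print(name, find_remote_refs(text))
```

As with the network rule, a plaintext document that quotes such a line verbatim produces the same hit, so triage should confirm the file is actually a theme before escalating.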
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None