SID 1:63982

Rule Category

BROWSER-IE -- Snort has detected traffic known to exploit vulnerabilities present in the Internet Explorer browser, or products that have the Trident or Tasman engines.

Alert Message

BROWSER-IE Microsoft Internet Explorer MSHTML platform spoofing attempt

Rule Explanation

This rule looks for special characters in the URL that would spoof the file extension in the Internet Explorer browser

What To Look For

This rule fires on file spoofing attempts in the URL of the Internet Explorer browser

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.

Rule Categories::Browser::Internet Explorer

CVE

CVE-2024-43461

Additional Links

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

CVE-2024-43461

Loading description