Rule Category
OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This covers attacks against the OS itself, not browser traffic or other software running on the OS.
Alert Message
OS-WINDOWS Microsoft Windows MapUrlToZone security feature bypass attempt
Rule Explanation
This rule looks for a reference to an external resource known to bypass the MapUrlToZone security feature.
What To Look For
This rule fires on attempts to download a file containing a reference known to bypass the MapUrlToZone security feature.
Known Usage
No public information
False Positives
No known false positives
Contributors
Cisco Talos Intelligence Group
Rule Groups
MITRE::ATT&CK Framework::Enterprise::Initial Access::Phishing
Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns.
T1566
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.
T1204.002
Rule Categories::Operating Systems::Windows
Rules for detecting attacks against the Windows operating system
Rule Vulnerability
N/A
Not Applicable
CVE Additional Information
This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2025-21269
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.