SMTP Suspicious ZIP File Detected -1 state 2-F/Flow

Rule ID

1230991

Severity

Medium

Description

Multiple ZIP file vulnerabilities were found that allow remote attackers to execute arbitrary code.

Impact

Remote code execution

Recommendation

Apply the vendor's patch.

IPS Category

File vulnerabilities

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2015-2331

CVE-2021-27068

T1203

T1005

Keywords

N/A

Date Created

2022/04/29

Last Updated

2025/05/28