From a6855e25f31dbd0f7ae6f4c89d4b259353b49865 Mon Sep 17 00:00:00 2001
From: Florian Roth <venom14@gmail.com>
Date: Mon, 19 Feb 2024 08:56:46 +0100
Subject: [PATCH] Update expl_outlook_cve_2024_21413.yar

---
 yara/expl_outlook_cve_2024_21413.yar | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/yara/expl_outlook_cve_2024_21413.yar b/yara/expl_outlook_cve_2024_21413.yar
index 86611474..8de0ac89 100644
--- a/yara/expl_outlook_cve_2024_21413.yar
+++ b/yara/expl_outlook_cve_2024_21413.yar
@@ -5,12 +5,13 @@ rule EXPL_CVE_2024_21413_Microsoft_Outlook_RCE_Feb24 {
       author = "Florian Roth"
       reference = "https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/"
       date = "2024-02-17"
+      modified = "2024-02-19"
       score = 75
    strings:
       $a1 = "Subject: "
       $a2 = "Received: "
 
-      $xr1 = /href[\s=3D"']{2,20}file:\/\/\/\\\\[^"']{6,200}!/
+      $xr1 = /(href|src)[\s=3D"']{2,20}file:\/\/\/\\\\[^"']{6,200}!/
    condition:
       filesize < 800KB
       and all of ($a*)