Short Name |
HTTP:STC:DL:EMF-OF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
EMF GDIplus GpFont.SetData Integer Overflow |
Release Date |
2010/09/22 |
Update Number |
1777 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the Microsoft EMF file format parser. Attackers can craft a malicious emf file, which if a user downloads, allows the attacker to execute arbitrary code in the context of the user.
Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file. Successfully exploiting this issue causes applications using the affected library to crash. Due to the nature of this issue, attackers may be able to execute arbitrary code in the context of the currently logged-in user; this has not been confirmed. NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID. UPDATE (March 26, 2009): Further analysis indicates that successful exploits will not likely result in remote code execution; the impact for this issue has been adjusted accordingly.