Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:MAL-MIC-BICLRUSED |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter |
Release Date |
2011/01/05 |
Update Number |
1844 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter
This signature detects attempts to exploit a known vulnerability against Microsoft's Graphics Rendering Engine. A successful attack can lead to arbitrary code execution.
Extended Description
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability in the Windows Graphics Rendering Engine because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious '.MIC' or office file. NOTE: To exploit this issue, the target must view the malicious document in the 'Thumbnails' view. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- Avaya aura_conferencing 6.0.0 Standard
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Avaya messaging_application_server 5.2
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_x64 SP1
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP1
- Microsoft windows_vista SP2
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_xp
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition
References