Signature Detail

Short Name	HTTP:STC:DL:METASTOCK-RCE
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	MetaStock Use-After-Free Remote Code Execution
Release Date	2012/11/23
Update Number	2205
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: MetaStock Use-After-Free Remote Code Execution

This signature detects attempts to exploit a known vulnerability in MetaStock. A successful attack can lead to a arbitrary remote code execution within the context of the affected application.

Extended Description

Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.

Affected Products

equis metastock 10.0
equis metastock 10.1
equis metastock 8.0
equis metastock 9.0
equis metastock 9.1
equis metastock 9.2
equis metastock up to 11.0

References

CVE: CVE-2011-3488

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: MetaStock Use-After-Free Remote Code Execution

Extended Description

Affected Products

References