Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:MPP-MEM-VAL |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Project Memory Validation Code Execution |
Release Date |
2010/10/14 |
Update Number |
1792 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Office Project Memory Validation Code Execution
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Office Project software. It is due to insufficient validation while allocating memory for a crafted project file. Remote attackers can exploit this by enticing the target user to open a malicious .mpp file in a vulnerable version of Microsoft Office Project. A successful attack can result in arbitrary code execution with the privileges of the logged in user. In an unsuccessful, the application can terminate abnormally due to memory corruption.
Extended Description
Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
- Microsoft project_2000 SR1
- Microsoft project_2000
- Microsoft project_2002 SP1
- Microsoft project_2002
- Microsoft project_2003 SP1
- Microsoft project_2003 SP2
- Microsoft project_2003 SP3
- Microsoft project_2003
References
- BugTraq: 37211
- CVE: CVE-2009-0102