Short Name |
HTTP:STC:DL:MPP-MEM-VAL |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Project Memory Validation Code Execution |
Release Date |
2010/10/14 |
Update Number |
1792 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Office Project software. It is due to insufficient validation while allocating memory for a crafted project file. Remote attackers can exploit this by enticing the target user to open a malicious .mpp file in a vulnerable version of Microsoft Office Project. A successful attack can result in arbitrary code execution with the privileges of the logged in user. In an unsuccessful, the application can terminate abnormally due to memory corruption.
Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.