Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:DL:MS-TTF-PARSING

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Windows TrueType Font Parsing Vulnerability

Release Date

 2012/11/12

Update Number

 2202

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft Windows TrueType Font Parsing Vulnerability


This signature detects attempts to exploit a known vulnerability against Microsoft Windows TrueType Font. A successful attack can lead to arbitrary code execution.

Extended Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Affected Products

  • Google chrome 22.0.1229.0
  • Google chrome 22.0.1229.1
  • Google chrome 22.0.1229.10
  • Google chrome 22.0.1229.11
  • Google chrome 22.0.1229.12
  • Google chrome 22.0.1229.14
  • Google chrome 22.0.1229.16
  • Google chrome 22.0.1229.17
  • Google chrome 22.0.1229.18
  • Google chrome 22.0.1229.2
  • Google chrome 22.0.1229.20
  • Google chrome 22.0.1229.21
  • Google chrome 22.0.1229.22
  • Google chrome 22.0.1229.23
  • Google chrome 22.0.1229.24
  • Google chrome 22.0.1229.25
  • Google chrome 22.0.1229.26
  • Google chrome 22.0.1229.27
  • Google chrome 22.0.1229.28
  • Google chrome 22.0.1229.29
  • Google chrome 22.0.1229.3
  • Google chrome 22.0.1229.31
  • Google chrome 22.0.1229.32
  • Google chrome 22.0.1229.33
  • Google chrome 22.0.1229.35
  • Google chrome 22.0.1229.36
  • Google chrome 22.0.1229.37
  • Google chrome 22.0.1229.39
  • Google chrome 22.0.1229.4
  • Google chrome 22.0.1229.48
  • Google chrome 22.0.1229.49
  • Google chrome 22.0.1229.50
  • Google chrome 22.0.1229.51
  • Google chrome 22.0.1229.52
  • Google chrome 22.0.1229.53
  • Google chrome 22.0.1229.54
  • Google chrome 22.0.1229.55
  • Google chrome 22.0.1229.56
  • Google chrome 22.0.1229.57
  • Google chrome 22.0.1229.58
  • Google chrome 22.0.1229.59
  • Google chrome 22.0.1229.6
  • Google chrome 22.0.1229.60
  • Google chrome 22.0.1229.62
  • Google chrome 22.0.1229.63
  • Google chrome 22.0.1229.64
  • Google chrome 22.0.1229.65
  • Google chrome 22.0.1229.67
  • Google chrome 22.0.1229.7
  • Google chrome 22.0.1229.76
  • Google chrome 22.0.1229.78
  • Google chrome 22.0.1229.8
  • Google chrome 22.0.1229.9
  • Microsoft windows_7 -
  • Microsoft windows_8 -
  • Microsoft windows_rt -
  • Microsoft windows_server_2003 *
  • Microsoft windows_server_2008 -
  • Microsoft windows_server_2008 *
  • Microsoft windows_server_2008 r2
  • Microsoft windows_server_2012 -
  • Microsoft windows_vista -
  • Microsoft windows_vista *
  • Microsoft windows_xp -
  • Microsoft windows_xp *

References

  • BugTraq: 56457
  • BugTraq: 56842
  • CVE: CVE-2012-2897
  • CVE: CVE-2012-4786

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out