Short Name |
HTTP:STC:DL:MS-WMF-ESCSET-CE |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Metafile Escape_SetAbortProc Code Execution |
Release Date |
2013/01/30 |
Update Number |
2229 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability against Microsoft Windows WMF file handling library. A successful attack can lead to arbitrary code execution.
Microsoft Windows WMF graphics rendering engine is affected by a remote code-execution vulnerability. This issue affects the 'SetAbortProc' function. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. The issue may be exploited remotely or locally. Any remote code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file. Local code execution may facilitate a complete compromise.