Short Name |
HTTP:STC:DL:OTF-CFF-RCE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows OpenType Compact Font Format Driver Code Execution |
Release Date |
2011/02/07 |
Update Number |
1861 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft Windows OpenType. A code execution vulnerability exists in Microsoft Windows OpenType Compact Font Format (CFF) Driver. The vulnerability is due to the OpenType Compact Font Format (CFF) Driver not sufficiently validating the parameter values of specially crafted OpenType fonts.
Microsoft Windows is prone to a remote code-execution vulnerability that affects the OpenType Compact Font Format (CFF) driver. An attacker can exploit this issue to execute arbitrary code in kernel mode. Successful exploits will completely compromise an affected computer. Failed attempts will result in a denial-of-service condition.