Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:WMF-HEAPOF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Windows Metafile Heap Overflow |
Release Date |
2004/10/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Windows Metafile Heap Overflow
This signature detects metafiles that contain invalid size information being sent over HTTP. Attackers can use Windows Metafiles and Enhanced Metafiles to exploit vulnerabilities in the Windows Graphical Device Interface. Metafiles can appear as an attachment or link within an e-mail message; the target user must activate the metafile for the exploit to occur. If the exploit is successful, attackers can deposit instructions or arbitrary code on a target system.
Extended Description
Microsoft Windows WMF/EMF image-rendering library is affected by a remote buffer-overflow vulnerability because it fails to properly verify the lengths of strings contained within an affected image file before copying them into finite buffers. Any code execution that occurs will take place with SYSTEM privileges because of the nature of the affected library. This will also permit local privilege-escalation attacks.
Affected Products
- Avaya definityone_media_servers R10
- Avaya definityone_media_servers R11
- Avaya definityone_media_servers R12
- Avaya definityone_media_servers R6
- Avaya definityone_media_servers R7
- Avaya definityone_media_servers R8
- Avaya definityone_media_servers R9
- Avaya definityone_media_servers
- Avaya ip600_media_servers R10
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers R12
- Avaya ip600_media_servers R6
- Avaya ip600_media_servers R7
- Avaya ip600_media_servers R8
- Avaya ip600_media_servers R9
- Avaya ip600_media_servers
- Avaya modular_messaging_(mss) 1.1.0
- Avaya modular_messaging_(mss) 2.0.0
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R11
- Avaya s8100_media_servers R12
- Avaya s8100_media_servers R6
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional
References
- BugTraq: 11375
- CVE: CVE-2004-0209
- URL: http://www.internetfixes.com/file_ext.htm