Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:FAX-COVER-MC |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption |
Release Date |
2011/01/31 |
Update Number |
1856 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption
This signature detects attempts to exploit a known double-free memory corruption vulnerability in Microsoft Windows Fax Services. It is due to improper handling of Text objects while parsing Microsoft Fax cover page files. Remote attackers could exploit this by enticing the target user to open a specially crafted Fax cover page file. A successful attack can result in execution of arbitrary code within the security context of the currently logged in user. An unsuccessful attempt terminates the affected application abnormally.
Extended Description
Microsoft Windows Fax Cover Page Editor is prone to a double-free memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted Fax Cover Page file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Microsoft Windows Fax Cover Page Editor versions 5.2.3790.3959 and prior are vulnerable.
Affected Products
- Microsoft windows 7
- Microsoft windows_7 Beta
- Microsoft windows_7 RC
- Microsoft windows_7_for_32-bit_systems SP1
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_itanium-based_systems SP1
- Microsoft windows_7_for_itanium-based_systems
- Microsoft windows_7_for_x64-based_systems SP1
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_7_home_premium
- Microsoft windows_7_professional
- Microsoft windows_7_starter
- Microsoft windows_7_ultimate
- Microsoft windows_7_xp_mode
- Microsoft windows_fax_cover_page_editor 5.2.3790.3959
- Microsoft windows_server 2008 R2
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003 Sp2 Compute Cluster
- Microsoft windows_server_2003 Sp2 Datacenter
- Microsoft windows_server_2003 Sp2 Enterprise
- Microsoft windows_server_2003 Sp2 Storage
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_enterprise_edition_itanium SP2
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_r2_datacenter_edition_sp2
- Microsoft windows_server_2003_r2_enterprise_edition_sp2
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008 SP2 Beta
- Microsoft windows_server_2008_datacenter_edition Release Candidate
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition Release Candidate
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_r2_datacenter SP1
- Microsoft windows_server_2008_r2_datacenter
- Microsoft windows_server_2008_r2_itanium SP1
- Microsoft windows_server_2008_r2_itanium
- Microsoft windows_server_2008_r2_x64 SP1
- Microsoft windows_server_2008_r2_x64
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Business SP2
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP1
- Microsoft windows_vista SP2
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_xp_embedded SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional_x64_edition SP3
- Microsoft windows_xp_tablet_pc_edition SP3
References
- BugTraq: 45942