Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:MS-RICHEDIT-RCE

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft RichEdit Allows Remote Code Execution

Release Date

 2007/02/13

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft RichEdit Allows Remote Code Execution


This signature detects attempts to exploit a known vulnerability in the Rich text format parser in Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user application.

Extended Description

Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Files (RTF). An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

Affected Products

  • Avaya Agent Access
  • Avaya Basic Call Management System Reporting Desktop server
  • Avaya Basic Call Management System Reporting Desktop
  • Avaya CMS Supervisor
  • Avaya Computer Telephony
  • Avaya Contact Center Express
  • Avaya CVLAN
  • Avaya Enterprise Management
  • Avaya Integrated Management
  • Avaya Interaction Center
  • Avaya Interaction Center - Voice Quick Start
  • Avaya IP Agent
  • Avaya IP Softphone
  • Avaya Modular Messaging S3400
  • Avaya Modular Messaging (MAS) 3.0.0
  • Avaya Modular Messaging (MAS)
  • Avaya Modular Messaging (MSS) 1.1.0
  • Avaya Modular Messaging (MSS) 2.0.0
  • Avaya Modular Messaging (MSS) 2.0.0 SP4
  • Avaya Network Reporting
  • Avaya OctelAccess(r) Server
  • Avaya Operational Analyst
  • Avaya Outbound Contact Management
  • Avaya S8100 Media Servers R10
  • Avaya S8100 Media Servers R11
  • Avaya S8100 Media Servers R12
  • Avaya S8100 Media Servers R6
  • Avaya S8100 Media Servers R7
  • Avaya S8100 Media Servers R8
  • Avaya S8100 Media Servers R9
  • Avaya S8100 Media Servers
  • Avaya Speech Access
  • Avaya Unified Communication Center
  • Avaya Unified Communications Center S3400
  • Avaya Unified Messenger (r)
  • Avaya Visual Messenger TM
  • Avaya Visual Vector Client
  • Avaya VPNmanagerTM Console
  • Avaya Web Messenger
  • HP Storage Management Appliance 2.1
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server SP1
  • Microsoft Windows 2000 Datacenter Server SP2
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Datacenter Server SP4
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows Server 2003 Datacenter Edition SP1
  • Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition SP1
  • Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP1
  • Microsoft Windows Server 2003 Web Edition SP1 Beta 1
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Home
  • Microsoft Windows XP Media Center Edition SP1
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1
  • Microsoft Windows XP Tablet PC Edition SP2
  • Microsoft Windows XP Tablet PC Edition
  • Nortel Networks Centrex IP Client Manager 7.0.0
  • Nortel Networks Centrex IP Client Manager 8.0.0
  • Nortel Networks Centrex IP Client Manager 9.0

References

  • CVE: CVE-2007-0032
  • CVE: CVE-2007-0026

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out