Signature Detail

HTTP: Microsoft Office GDI+ Heap Overflow Vulnerability

This signature detects attempts to exploit a known vulnerability in the Microsoft Office GDI parser. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft GDI+ is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the affected application.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.0 SP2
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Enterprise Edition
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server 5.2
• Microsoft Office 2003 SP1
• Microsoft Office 2003 SP2
• Microsoft Office 2003 SP3
• Microsoft Office 2003
• Microsoft Office 2007 SP1
• Microsoft Office 2007 SP2
• Microsoft Office 2007 SP3
• Microsoft Office 2007

References

• BugTraq: 53351
• CVE: CVE-2012-0167