Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:WIN-CHM-DETECTION

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 Microsoft Windows CHM File Magic Detected

Release Date

 2015/06/09

Update Number

 2503

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Windows CHM File Magic Detected


This signature detects an attempt to download a Microsoft Compiled Help (.chm) file. Opening a malicious .chm file can allow for arbitrary code execution, leading to system comprimise.

Extended Description

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

Affected Products

  • microsoft windows_2000
  • microsoft windows_2003_server 64-bit
  • microsoft windows_2003_server datacenter_64-bit (sp1)
  • microsoft windows_2003_server datacenter_64-bit (sp1_beta_1)
  • microsoft windows_2003_server enterprise
  • microsoft windows_2003_server enterprise (:64-bit)
  • microsoft windows_2003_server enterprise_64-bit (sp1)
  • microsoft windows_2003_server enterprise_64-bit (sp1_beta_1)
  • microsoft windows_2003_server enterprise (sp1)
  • microsoft windows_2003_server enterprise (sp1_beta_1)
  • microsoft windows_2003_server r2
  • microsoft windows_2003_server r2 (:64-bit)
  • microsoft windows_2003_server r2 (:datacenter_64-bit)
  • microsoft windows_2003_server r2 (sp1)
  • microsoft windows_2003_server r2 (sp1_beta_1)
  • microsoft windows_2003_server standard
  • microsoft windows_2003_server standard (:64-bit)
  • microsoft windows_2003_server standard_64-bit
  • microsoft windows_2003_server standard (sp1)
  • microsoft windows_2003_server standard (sp1_beta_1)
  • microsoft windows_2003_server web (sp1)
  • microsoft windows_2003_server web (sp1_beta_1)
  • microsoft windows_98 (gold)
  • microsoft windows_xp (:64-bit)
  • microsoft windows_xp (:embedded)
  • microsoft windows_xp (gold)
  • microsoft windows_xp (gold:professional)
  • microsoft windows_xp (:home)
  • microsoft windows_xp (:media_center)
  • microsoft windows_xp (sp1)
  • microsoft windows_xp (sp1:64-bit)
  • microsoft windows_xp (sp1:embedded)
  • microsoft windows_xp (sp1:home)
  • microsoft windows_xp (sp1:media_center)
  • microsoft windows_xp (sp1:tablet_pc)
  • microsoft windows_xp (sp2)
  • microsoft windows_xp (sp2:home)
  • microsoft windows_xp (sp2:media_center)
  • microsoft windows_xp (sp2:tablet_pc)

References

  • BugTraq: 13953
  • CVE: CVE-2005-1208

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out