Signature Detail
Short Name |
HTTP:STC:IMG:TARGA-IMG-HEAP1 |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft DirectX RLE Compressed Targa Image File Heap Overflow1 |
Release Date |
2015/09/30 |
Update Number |
2541 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow1
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted Targa (TGA) image files that are compressed using the Run-Length Encoding (RLE) method. A remote attacker can exploit this by persuading a user to open a specially crafted TGA file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. It executes within the security context of the current user. In an unsuccessful code injection attack, the application using the affected application terminates immediately.
References
- BugTraq: 46821
- CVE: CVE-2011-1345