Signature Detail

Short Name	HTTP:STC:IMG:WPG-HEAP-OVF
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Microsoft Office .wpg Image Heap Overflow
Release Date	2014/05/14
Update Number	2374
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Office .wpg Image Heap Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to arbitrary code execution.

Extended Description

WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."

Affected Products

microsoft office 2000 (sp3)
microsoft office 2003 (sp2)
microsoft office xp (sp3)
microsoft office_converter_pack
microsoft works 8.0

References

CVE: CVE-2008-3460

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Microsoft Office .wpg Image Heap Overflow

Extended Description

Affected Products

References