Signature Detail
Short Name |
HTTP:STC:MS-FOREFRONT-RCE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Forefront Threat Management Gateway Client Remote Code Execution |
Release Date |
2011/08/08 |
Update Number |
1968 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Forefront Threat Management Gateway Client Remote Code Execution
This signature detects attempts to exploit a known vulnerability in the Microsoft Forefront Threat Management Gateway 2010 Client. It is due to an error in the calculation of a buffer size in the NSPLookupServiceNext function. Potentially any application running on a system could be affected by this vulnerability due to the way Microsoft Forefront Threat Management Gateway is installed on a system. Remote attackers can exploit this vulnerability by enticing unsuspecting users to open a specially crafted web page or view an email message. Successful exploitation could result in execution of arbitrary code within the security context of the affected client application.
Extended Description
Microsoft Forefront Threat Management Gateway (TMG) Firewall client is prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition.
Affected Products
- Microsoft Forefront Threat Management Gateway 2010 Client
References
- BugTraq: 48181
- CVE: CVE-2011-1889