HTTP: Suspicious File Download Attempt

This signature detects users downloading malformed suspicious files through HTTP. A successful exploit can result in a denial-of-service condition or remote code execution.

Extended Description

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Affected Products

Microsoft windows_vista

References

CVE: CVE-2015-7089

Short Name
HTTP:EXPLOIT:EXP-MALICOUS-FILE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attempt CVE-2009-1605 CVE-2009-1792 CVE-2010-2568 CVE-2010-4010 CVE-2014-4148 CVE-2015-7088 CVE-2015-7089 CVE-2015-8396 CVE-2016-1515 CVE-2016-2210 Download File Suspicious
Release Date
08/31/2016
Supported Platforms
srx-branch-12.3, srx-19.3, srx-branch-19.3, vsrx3bsd-19.2, srx-branch-19.4, vsrx-19.4, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx3bsd-19.4, srx-19.4, vsrx-12.3, vmx-19.3, vsrx-19.2, srx-12.3

Sigpack Version
3718
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3, 9.0, 6.8, 10.0