HTTP: Windows Groupfile Download via HTTP
This signature detects GRP files sent over HTTP. GRP files can contain Windows Program Group information and can be exploited by malcious users to deposit instructions or arbritrary code on a target's system. User involvement is required to activate GRP files; typically they are attached or linked to a harmless-appearing e-mail message.
Extended Description
Microsoft Windows operating systems have been reported to be prone to a remotely exploitable buffer overrun condition. This issue is exposed when a client attempts to connect to an SMB share with an overly long name. This may cause explorer.exe or Internet Explorer to crash but could also potentially be leveraged to execute arbitrary code as the client user.
Affected Products
Avaya s8100_media_servers,Microsoft windows_98
References
BugTraq: 10213
CVE: CVE-2004-0214
URL: http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx http://www.internetfixes.com/file_ext.htm
Short Name
HTTP:EXT:DOT-GRP
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-0214 Download Groupfile HTTP Windows bid:10213 via
Release Date
10/15/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
10.0