HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter

This signature detects attempts to exploit a known vulnerability against Microsoft's Graphics Rendering Engine. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability in the Windows Graphics Rendering Engine because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious '.MIC' or office file. NOTE: To exploit this issue, the target must view the malicious document in the 'Thumbnails' view. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

Avaya messaging_application_server,Microsoft windows_xp_professional

References

BugTraq: 45662

CVE: CVE-2010-3970

URL: http://www.microsoft.com/technet/security/advisory/2490606.mspx http://blogs.technet.com/b/msrc/archive/2011/01/04/microsoft-releases-security-advisory-2490606.aspx http://blogs.technet.com/srd/ http://qoop.org/tmp/thumbnail-slides.zip

Short Name

HTTP:STC:DL:MAL-MIC-BICLRUSED

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter

Extended Description

Affected Products

References

Found a potential security threat?