HTTP: Microsoft Windows Media Decompression Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Windows in the way it handles media content. A successful attack can lead to arbitrary code execution.

Extended Description

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."

Affected Products

Microsoft windows_vista

References

CVE: CVE-2013-0077

Short Name
HTTP:STC:DL:MS-MEDIA-DECOMP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-0077 Code Decompression Execution Media Microsoft Remote Windows
Release Date
02/12/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3659
False Positive
Unknown
Vendors

Microsoft

CVSS Score

9.3

Found a potential security threat?