HTTP: Microsoft Windows TrueType Font Parsing Vulnerability

This signature detects attempts to exploit a known vulnerability in Microsoft Windows TrueType font parsing. A successful attack can lead to arbitrary code execution.

Extended Description

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

References

BugTraq: 56457 56842

CVE: CVE-2012-2897

Short Name: HTTP:STC:DL:MS-TTF-PARSING

Severity: Major

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2012-2897 CVE-2012-4786 Font Microsoft Parsing TrueType Vulnerability Windows bid:56457 bid:56842

Release Date: 11/12/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3723

False Positive: Unknown

CVSS Score: 10.0
