HTTP: Microsoft Office Image Filter Crafted BMP Header Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Image Filter shipped with Microsoft Office. It is due to improper validation of the number of used colors in BMP header. A remote unauthenticated attacker can exploit this by enticing a user to open a malicious BMP image with the affected application, causing the execution of arbitrary code in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If successful, the behavior of the target depends on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In an unsuccessful attack, the affected application can terminate resulting in the loss of any unsaved data from the current session.
Extended Description
Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious BMP file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft office_xp
Short Name
HTTP:STC:DL:OFFICE-BMP-HEADER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
BMP Buffer CVE-2008-3020 Crafted Filter Header Image Microsoft Office Overflow bid:30599
Release Date
10/12/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3