HTTP: Internet Explorer WebFonts File Download
This signature detects the transfer of an embedded font over HTTP (eot file). This file format is known to contain some recognized vulnerabilities, which can result in a denial-of-service condition on the client system or arbitrary remote code execution. Internet Explorer is known to be vulnerable to this kind of attack.
Extended Description
Microsoft Windows is susceptible to a remotely exploitable buffer-overflow vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.
Affected Products
Avaya s8100_media_servers,Microsoft windows_98
Short Name
HTTP:STC:IE:EOT-WEBFONTS-DL
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-0010 Download Explorer File Internet WebFonts bid:16194
Release Date
01/10/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3