HTTP: Microsoft Paint JPEG Image Parsing Integer Overflow
This signature detects attempts to exploit a known integer overflow vulnerability in Microsoft Paint, shipped with various versions of Microsoft Windows. It is due to an input validation error while parsing specially crafted JPEG image files. Remote attackers can exploit this by enticing target users to open maliciously crafted JPEG image files in a vulnerable version of MS Paint. A successful attack can cause a heap buffer overflow that can lead to arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application can abnormally terminate.
Extended Description
Microsoft Paint is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
Avaya messaging_application_server,Microsoft windows_xp_tablet_pc_edition
Short Name
HTTP:STC:IMG:PAINT-JPEG-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2010-0028 Image Integer JPEG Microsoft Overflow Paint Parsing bid:38042
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3