HTTP: Microsoft Forefront Threat Management Gateway Client Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the Microsoft Forefront Threat Management Gateway 2010 Client. The vulnerability is due to an error in the calculation of a buffer size in the NSPLookupServiceNext function. Because of the way Microsoft Forefront Threat Management Gateway is installed on a system, potentially any application running on that system could be affected. Remote attackers can exploit this vulnerability by enticing unsuspecting users to open a specially crafted web page or view an email message. Successful exploitation could result in execution of arbitrary code within the security context of the affected client application.

Extended Description

Microsoft Forefront Threat Management Gateway (TMG) Firewall client is prone to a memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed attacks may cause a denial-of-service condition.

Affected Products

Microsoft forefront_threat_management_gateway_2010_client

References

BugTraq: 48181

CVE: CVE-2011-1889

Short Name: HTTP:STC:MS-FOREFRONT-RCE
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2011-1889 Client Code Execution Forefront Gateway Management Microsoft Remote Threat bid:48181
Release Date: 08/08/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3720
False Positive: Unknown
Vendors

Microsoft

CVSS Score

10.0
