HTTP: Microsoft Windows Media Format ASF Parsing Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Windows Media Format library. It is caused due to a boundary error when processing Advanced Systems Format (ASF) files. A remote attacker can exploit this by enticing the target user to open crafted ASF file, which if successful, allows arbitrary code to be injected and executed in the security context of the currently logged in user.
Extended Description
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data. Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.
Affected Products
Avaya s8100_media_servers,Microsoft windows_media_player
Short Name
HTTP:STC:STREAM:ASF-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ASF Buffer CVE-2006-4702 Format Media Microsoft Overflow Parsing Windows bid:21505
Release Date
07/13/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
6.8