SMB: Microsoft Windows Briefcase Integer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Briefcase. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."

Affected Products

Microsoft windows_vista

References

BugTraq: 56442

CVE: CVE-2012-1528

Short Name
SMB:OF:MS-WIN-BRIEFCASE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
Briefcase CVE-2012-1528 Integer Microsoft Overflow Windows bid:56442
Release Date
02/22/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3659
False Positive
Unknown
Vendors

Microsoft

Found a potential security threat?