Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 SCAN:II:TIQ-WMF-MAL-HEADER

Severity

 Warning

Recommended

 No

Recommended Action

 Drop

Category

 SCAN

Keywords

 TrafficIQ WMF Malformed Header

Release Date

 2006/10/18

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: TrafficIQ WMF Malformed Header


This signature detects a Windows Meta File (WMF) with invalid options in its header generated by TrafficIQ, a traffic generator. The WMF generated by TrafficIQ is not malicious and does not crash Internet Explorer.

Extended Description

Microsoft Internet Explorer is affected by an WMF image-parsing memory-corruption vulnerability. This issue is allegedly due to an integer-overflow flaw that leads to corrupted heap memory. This problem presents itself when a user views a malicious WMF-formatted file containing specially crafted data. This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploitation attempts likely result in crashing the application.

Affected Products

  • Avaya definityone_media_servers R10
  • Avaya definityone_media_servers R11
  • Avaya definityone_media_servers R12
  • Avaya definityone_media_servers R6
  • Avaya definityone_media_servers R7
  • Avaya definityone_media_servers R8
  • Avaya definityone_media_servers R9
  • Avaya definityone_media_servers
  • Avaya ip600_media_servers R10
  • Avaya ip600_media_servers R11
  • Avaya ip600_media_servers R12
  • Avaya ip600_media_servers R6
  • Avaya ip600_media_servers R7
  • Avaya ip600_media_servers R8
  • Avaya ip600_media_servers R9
  • Avaya ip600_media_servers
  • Avaya modular_messaging_(mas)
  • Avaya s8100_media_servers R10
  • Avaya s8100_media_servers R11
  • Avaya s8100_media_servers R12
  • Avaya s8100_media_servers R6
  • Avaya s8100_media_servers R7
  • Avaya s8100_media_servers R8
  • Avaya s8100_media_servers R9
  • Avaya s8100_media_servers
  • Avaya unified_communications_center_s3400
  • Microsoft internet_explorer 5.0.1 SP4
  • Nortel_networks contact_center
  • Nortel_networks ip_address_domain_manager
  • Nortel_networks ip_softphone_2050
  • Nortel_networks mcs_5100 3.0.0
  • Nortel_networks mcs_5200 3.0.0
  • Nortel_networks optivity_telephony_manager_tm-cs1000
  • Nortel_networks self-service_media_processing_server
  • Nortel_networks self-service_peri_ivr
  • Nortel_networks self-service_peri_nt_server

References

  • BugTraq: 16516
  • CVE: CVE-2006-0020
  • URL: http://www.microsoft.com/technet/security/advisory/913333.mspx
  • URL: http://www.us-cert.gov/cas/techalerts/TA06-045A.html
  • URL: http://www.microsoft.com/technet/security/bulletin/ms06-004.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out