FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt
This event is generated when an attacker attempts to exploit an integer overflow vulnerability present in the Windows EOT font engine.
Attempted User Privilege Gain
Rule checks for an attempt to trigger an integer overflow vulnerability present in the Windows EOT font engine.
Ease of attack
Update all affected products seen here: portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-1016
- Cisco's Talos Intelligence Group