Think you have a false positive on this rule?

Sid 1-49427

Message

FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt

Summary

This event is generated when Microsoft Wordpad embedded BMP overflow attempted.

Impact

Attempted User Privilege Gain

CVE-2013-3940:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2013-3940: Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."

Affected systems

  • microsoft windows2003server *
  • microsoft windows_7 *
  • microsoft windows_8 -
  • microsoft windows_8.1 -
  • microsoft windows_rt -
  • microsoft windowsrt8.1 -
  • microsoft windowsserver2008 *
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windowsserver2012 r2
  • microsoft windows_vista *
  • microsoft windows_xp *
  • microsoft windows_xp -

Ease of attack

CVE-2013-3940:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • technet.microsoft.com/en-us/security/bulletin/ms13-089