Rule Category

FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.

Alert Message

FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt

Rule Explanation

This event is generated when an attempt to exploit CVE-2012-2897 is detected. Impact: Attempted Administrator Privilege Gain Details: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability." Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2012-2897
Loading description
CVE-2012-4786
Loading description