Sid 1-49483

Message

FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt

Summary

This event is generated when an attempt to exploit CVE-2012-2897 is detected.

Impact

Attempted Administrator Privilege Gain

CVE-2012-2897:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2012-4786:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2012-2897: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

CVE-2012-4786: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Affected systems

  • google chrome 22.0.1229.0
  • google chrome 22.0.1229.1
  • google chrome 22.0.1229.2
  • google chrome 22.0.1229.3
  • google chrome 22.0.1229.4
  • google chrome 22.0.1229.6
  • google chrome 22.0.1229.7
  • google chrome 22.0.1229.8
  • google chrome 22.0.1229.9
  • google chrome 22.0.1229.10
  • google chrome 22.0.1229.11
  • google chrome 22.0.1229.12
  • google chrome 22.0.1229.14
  • google chrome 22.0.1229.16
  • google chrome 22.0.1229.17
  • google chrome 22.0.1229.18
  • google chrome 22.0.1229.20
  • google chrome 22.0.1229.21
  • google chrome 22.0.1229.22
  • google chrome 22.0.1229.23
  • google chrome 22.0.1229.24
  • google chrome 22.0.1229.25
  • google chrome 22.0.1229.26
  • google chrome 22.0.1229.27
  • google chrome 22.0.1229.28
  • google chrome 22.0.1229.29
  • google chrome 22.0.1229.31
  • google chrome 22.0.1229.32
  • google chrome 22.0.1229.33
  • google chrome 22.0.1229.35
  • google chrome 22.0.1229.36
  • google chrome 22.0.1229.37
  • google chrome 22.0.1229.39
  • google chrome 22.0.1229.48
  • google chrome 22.0.1229.49
  • google chrome 22.0.1229.50
  • google chrome 22.0.1229.51
  • google chrome 22.0.1229.52
  • google chrome 22.0.1229.53
  • google chrome 22.0.1229.54
  • google chrome 22.0.1229.55
  • google chrome 22.0.1229.56
  • google chrome 22.0.1229.57
  • google chrome 22.0.1229.58
  • google chrome 22.0.1229.59
  • google chrome 22.0.1229.60
  • google chrome 22.0.1229.62
  • google chrome 22.0.1229.63
  • google chrome 22.0.1229.64
  • google chrome 22.0.1229.65
  • google chrome 22.0.1229.67
  • google chrome 22.0.1229.76
  • google chrome 22.0.1229.78
  • microsoft windows_7 -
  • microsoft windows_8 -
  • microsoft windows_rt -
  • microsoft windowsserver2003 *
  • microsoft windowsserver2008 *
  • microsoft windowsserver2008 -
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windows_vista *
  • microsoft windows_vista -
  • microsoft windows_xp *
  • microsoft windows_xp -
  • microsoft windows_7 gold

Ease of attack

CVE-2012-2897:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2012-4786:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • technet.microsoft.com/en-us/security/bulletin/ms12-075
  • technet.microsoft.com/en-us/security/bulletin/MS12-078