Think you have a false positive on this rule?

Sid 1-50454

Message

FILE-IMAGE Directshow GIF logical height overflow attempt

Summary

Summary: DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."

Impact: CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

Detailed Information:

Affected Systems: microsoft windows7 * microsoft windows8 - microsoft windowsserver2003 * microsoft windowsserver2008 * microsoft windowsserver2008 r2 microsoft windowsserver2012 - microsoft windowsvista * microsoft windowsxp * microsoft windows_xp -

Attack Scenarios:

Ease of Attack:

False Positives: None known

False Negatives: None known

Corrective Action:

Contributors: Talos research team.

This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.

For more information see [nvd].

Impact

Attempted User Privilege Gain

CVE-2013-3174:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2013-3174: DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."

Affected systems

  • microsoft windows_7 *
  • microsoft windows_8 -
  • microsoft windowsserver2003 *
  • microsoft windowsserver2008 *
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windows_vista *
  • microsoft windows_xp *
  • microsoft windows_xp -

Ease of attack

CVE-2013-3174:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References