Think you have a false positive on this rule?

Sid 1-50872

Message

OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt

Summary

This event is generated when there is a Microsoft Fax Cover Page Editor heap corruption attempt.

Impact

Attempted User Privilege Gain

CVE-2010-3974:

CVSS base score 7.6

CVSS impact score 10.0

CVSS exploitability score 4.9

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-3974: fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."

Affected systems

microsoft windows2003server *
microsoft windows_7 -
microsoft windowsserver2003 *
microsoft windowsserver2008 *
microsoft windowsserver2008 -
microsoft windowsserver2008 r2
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp -

Ease of attack

CVE-2010-3974:

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

False positives

None known.

False negatives

None known.

Corrective action

Contributors

Cisco Talos Intelligence Group

Additional References

technet.microsoft.com/en-us/security/bulletin/MS11-024