Sid 1-50889

Message

FILE-OTHER Microsoft OpenType font index remote code execution attempt

Summary

This event is generated when a Microsoft OpenType font index remote code execution attempt is detected.

Impact

Attempted Administrator Privilege Gain

CVE-2010-3956:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-3956: The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."

Affected systems

  • microsoft windows2003server *
  • microsoft windows_7 *
  • microsoft windows_7 -
  • microsoft windowsserver2003 *
  • microsoft windowsserver2008 *
  • microsoft windowsserver2008 -
  • microsoft windows_vista *
  • microsoft windows_vista -
  • microsoft windows_xp *
  • microsoft windows_xp -

Ease of attack

CVE-2010-3956:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References