This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability during validation of a Win32 API.
A remote code execution vulnerability exists in the way that the Win32 API validates parameters.
Res protocol (res://) is the IE supported protocol that specifies a resource that will be obtained from a module.
There is an an issue in the implementation of FindResourceW (in kerner32.dll) which would cause a double free in FindResourceW, which then may result crash (best case) or remote code execution (worst case).
- Microsoft Windows NT
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows 2003
Ensure that all security updates and patches provided by the vendor have been applied.