HTTP Win32 API Remote Code Execution CVE-2007-2219

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability during validation of a Win32 API.

Additional Information

A remote code execution vulnerability exists in the way that the Win32 API validates parameters.

The res protocol (res://) is a protocol supported by Internet Explorer that specifies a resource to be obtained from a module.

There is an issue in the implementation of FindResourceW (in kernel32.dll) that causes a double free in FindResourceW, which may then result in a crash (best case) or remote code execution (worst case).

Affected

  • Microsoft Windows NT
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows 2003

Response

Ensure that all security updates and patches provided by the vendor have been applied.
