|TREND MICRO CUSTOMER PROTECTION
|Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['20032']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
The specific flaw exists within BeginPreRead processing. When handling malformed 0x7f77 type fields, it is possible for an attacker to force a stack-based buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
06/25/2015 - ZDI disclosed 4 cases to ICS-CERT
Given the stated purpose of Proface GP-Pro, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.
-- Vendor Response Link:
|Steven Seeley of Source Incite