
HTTP: Windows Image File Handling Information Disclosure Vulnerability (CVE-2016-7212)

Hi All,

We have received this alert regularly (may be a false positive). Kindly help us to solve this issue.

Matching Log for your reference:

2018-01-31 13:58:19 2347 10.0.18.86 manliebers - invalid_request DENIED "Audio/Video Clips;Content Servers" http://www.msn.com/en-us/news/world/analysts-say-trump-comments-bad-news-for-north-korea/ar-BBIuOhM?... 400 TCP_NC_MISS GET video/mp4 http wus-streaming-video-msn-com.akamaized.net 80 /3d36e669-08dd-473f-9fc9-809817ba7880/5c67e628-9fe2-4111-b6c0-b5ad653b_856x480_2166.mp4 - mp4 "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 10.16.192.27 0 571 - "none" "none" 3a2a08df146be4e2-00000000537562fb-000000005a71cb78 - -
2018-01-31 13:58:19 1 10.0.18.86 - - authentication_failed DENIED "Web Ads/Analytics" http://www.msn.com/en-us/news/world/analysts-say-trump-comments-bad-news-for-north-korea/ar-BBIuOhM?... 407 TCP_DENIED GET - http ams1-ib.adnxs.com 80 /vevent ?e=wqT_3QKdCfQkAZ0EAAADANYABQEI9pbH0wUQr6OK87Kki7lmGP_2sInpy6j2Wio2Ca81TCX0688_EW76sx8pIss_GQAAAIDrUQpAIUF8YMd_AdI_KQFlU67wLtU_MQAAAGCPwtU_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-gEoADAAOAK4BADABKPa0xvIBADSBBFkZWZhdWx0I0FNUzE6MzkzMNoEAggB4AQB8ASsg6siiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAAAAQ_wetgFAeAFAeoFFgoLcHJvdmlkZXJfaWQSBzdnejQ2NWrqBRMKCHBhZ2V0eXBlEgdhcnRpY2xl6gUKCgZvcHRvdXQSAOoFJwoDcmlkEiBmYjA0Y2RjYWE1NjM0NDQ4ODNiZGIyNTM5ZDMyODA0NfAFhvkN-gUECAAQAJAGAA..&s=322615a86c4291304628f2bf340202b49fed2b86&referrer=http%3A%2F%2Fwww.msn.com%2Fen-us%2Fnews%2Fworld%2Fanalysts-say-trump-comments-bad-news-for-north-korea%2Far-BBIuOhM%3Fli%3DBBmkt5R%26ocid%3Dientp&type=nv&nvt=5&px=1142&py=467&bw=300&bh=250&sid=3337614431662775980&sv=114&tv=view7-1h&ua=ie11&pl=win&x=v&ct=0&sw=1920&sh=1200&pw=1612&ph=6195&ww=1629&wh=1071&rr=0&ft=2 - "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 10.16.192.27 1159 2358 - "none" "none" 3a2a08df146be4e2-00000000537563d6-000000005a71cb7b - -
2018-01-31 13:58:19 3 10.0.18.86 - - authentication_failed DENIED "Web Ads/Analytics" http://www.msn.com/en-us/news/world/analysts-say-trump-comments-bad-news-for-north-korea/ar-BBIuOhM?... 407 TCP_DENIED GET - http ams1-ib.adnxs.com 80 /vevent ?e=wqT_3QKdCfQkAZ0EAAADANYABQEI9pbH0wUQr6OK87Kki7lmGP_2sInpy6j2Wio2Ca81TCX0688_EW76sx8pIss_GQAAAIDrUQpAIUF8YMd_AdI_KQFlU67wLtU_MQAAAGCPwtU_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-gEoADAAOAK4BADABKPa0xvIBADSBBFkZWZhdWx0I0FNUzE6MzkzMNoEAggB4AQB8ASsg6siiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAAAAQ_wetgFAeAFAeoFFgoLcHJvdmlkZXJfaWQSBzdnejQ2NWrqBRMKCHBhZ2V0eXBlEgdhcnRpY2xl6gUKCgZvcHRvdXQSAOoFJwoDcmlkEiBmYjA0Y2RjYWE1NjM0NDQ4ODNiZGIyNTM5ZDMyODA0NfAFhvkN-gUECAAQAJAGAA..&s=322615a86c4291304628f2bf340202b49fed2b86&referrer=http%3A%2F%2Fwww.msn.com%2Fen-us%2Fnews%2Fworld%2Fanalysts-say-trump-comments-bad-news-for-north-korea%2Far-BBIuOhM%3Fli%3DBBmkt5R%26ocid%3Dientp&type=nv&nvt=5&px=1142&py=467&bw=300&bh=250&sid=3337614431662775980&sv=114&tv=view7-1h&ua=ie11&pl=win&x=v&ct=0&sw=1920&sh=1200&pw=1612&ph=6195&ww=1629&wh=1071&rr=0&ft=2 - "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 10.16.192.27 1449 2442 - "none" "none" 3a2a08df146be4e2-00000000537563da-000000005a71cb7b - -

Regards,

BB

3 Replies

Re: HTTP: Windows Image File Handling Information Disclosure Vulnerability (CVE-2016-7212)

Hi All,

Someone please provide the signature for this alert. We will check with the matched PCAP data.

Regards,

BB

 

Reliable Contributor mjesmer
Message 3 of 4

Re: HTTP: Windows Image File Handling Information Disclosure Vulnerability (CVE-2016-7212)

This is a non-disclosed signature it appears. 

Submit a False Positive case to Support for further assistance.

 

https://kc.mcafee.com/corporate/index?page=content&id=KB55743

Reliable Contributor petermason
Message 4 of 4

Re: HTTP: Windows Image File Handling Information Disclosure Vulnerability (CVE-2016-7212)

Hi Bharani,

The signature for this alert is now available in Attack Definitions.

Peter
