Signature Detail
Short Name |
HTTP:STC:ACTIVEX:CLEVER-INTERNT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Clever Internet Unsafe ActiveX Suite Arbitrary File Download/Overwrite |
Release Date |
2012/12/02 |
Update Number |
2207 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Clever Internet Unsafe ActiveX Suite Arbitrary File Download/Overwrite
This signature detects attempts to use unsafe ActiveX controls against Clever Internet. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Clever Internet ActiveX Suite ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error. An attacker can exploit this issue to overwrite or download arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions or to access sensitive information; other consequences are possible. This issue affects Clever Internet ActiveX Suite 6.2; other versions may also be affected.
Affected Products
- Clever Components Clever Internet ActiveX Suite 6.2
References
- BugTraq: 25063
- CVE: CVE-2007-4067