Short Name |
HTTP:STC:ACTIVEX:CODEBASE-2 |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer Codebase ActiveX (2) |
Release Date |
2003/11/05 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to use injected HTML to reference an Active-X control. Attackers can create a malicious Web site that uses injected HTML; users browsing that malicious Web site can unknowingly execute arbitrary attack code. Attackers can also send an HTML-formatted e-mail to a target user to redirect the user to the malicious Web site.
The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be executed on the local system. All code execution would occur in the security context of the current user.