Short Name |
HTTP:STC:ACTIVEX:CODEBASE |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer Codebase ActiveX |
Release Date |
2003/11/05 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use injected HTML to reference an Active-X control. Attackers can create a malicious Web site that uses injected HTML; users browsing that malicious Web site can unknowingly execute arbitrary attack code. Attackers can also send an HTML-formatted e-mail to a target user to redirect the user to the malicious Web site.
The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be executed on the local system. All code execution would occur in the security context of the current user.