Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:COM-OBJ |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft COM Object Instantiation Memory Corruption |
Release Date |
2007/02/13 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft COM Object Instantiation Memory Corruption
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that can potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability can take complete control of an affected system.
Extended Description
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature. This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.
Affected Products
- Avaya agent_access
- Avaya basic_call_management_system_reporting_desktop server
- Avaya basic_call_management_system_reporting_desktop
- Avaya cms_supervisor
- Avaya computer_telephony
- Avaya contact_center_express
- Avaya cvlan
- Avaya enterprise_management
- Avaya integrated_management
- Avaya interaction_center
- Avaya interaction_center-voice_quick_start
- Avaya ip_agent
- Avaya ip_softphone
- Avaya messaging_application_server
- Avaya modular_messaging_(mas)
- Avaya network_reporting
- Avaya octelaccess(r)_server
- Avaya octeldesignertm
- Avaya operational_analyst
- Avaya outbound_contact_management
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R11
- Avaya s8100_media_servers R12
- Avaya s8100_media_servers R6
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers
- Avaya speech_access
- Avaya unified_communication_center
- Avaya unified_messenger_(r)
- Avaya visual_messenger_tm
- Avaya visual_vector_client
- Avaya vpnmanagertm_console
- Avaya web_messenger
- Hp storage_management_appliance 2.1
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 5.0.1 SP1
- Microsoft internet_explorer 5.0.1 SP2
- Microsoft internet_explorer 5.0.1 SP3
- Microsoft internet_explorer 5.0.1 SP4
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
- Microsoft internet_explorer 7.0
- Nortel_networks callpilot 1002Rp
- Nortel_networks callpilot 200I
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 702T
- Nortel_networks callpilot 703T
- Nortel_networks centrex_ip_client_manager 7.0.0
- Nortel_networks centrex_ip_client_manager 8.0.0
- Nortel_networks centrex_ip_client_manager 9.0
- Nortel_networks contact_center
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager
- Nortel_networks contact_center_manager_server
- Nortel_networks symposium_network_control_center_(ncc)
References
- BugTraq: 22486
- CVE: CVE-2006-4697
- URL: http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx