Short Name |
HTTP:STC:ACTIVEX:DXTMSFT |
---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft DirectX Media DXTMSFT.DLL ActiveX Control DoS |
Release Date |
2012/12/01 |
Update Number |
2207 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to use unsafe ActiveX controls against Microsoft DirectX Media DXTMSFT.DLL. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Microsoft DirectX Media ActiveX control is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate checks on user-supplied data. Successfully exploiting these issues allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of these issues, attackers may also be able to execute code, but this has not been confirmed.