Short Name |
HTTP:STC:ACTIVEX:EMV-PIXTOOLS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
EMC Captiva PixTools Distributed Imaging File Creation |
Release Date |
2010/10/11 |
Update Number |
1789 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in EMC Captiva PixTools. An attacker can create a Web site with Web pages containing dangerous ActiveX objects and commands, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
The EMC Captiva PixTools Distributed Imaging ActiveX control is prone to multiple insecure-method vulnerabilities that affect the PDIControl.PDI.1 ActiveX control (PDIControl.dll). Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files, which may lead to arbitrary code execution. PDIControl.dll 2.2.3160.0 is vulnerable; other versions may also be affected.