Signature Detail
Short Name |
HTTP:STC:ACTIVEX:F-SECURE-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
F-Secure Multiple Products ActiveX SEH Overwrite Memory Corruption |
Release Date |
2011/08/29 |
Update Number |
1981 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: F-Secure Multiple Products ActiveX SEH Overwrite Memory Corruption
This signature detects attempts to use unsafe ActiveX controls in F-Secure. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Multiple F-Secure products are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application that uses the affected ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. The following products are affected: F-Secure Anti-Virus 2010 and 2011 F-Secure Internet Security 2010 and 2011 F-Secure Protection Service for Consumers 9 F-Secure Protection Service for Business - Workstation security 9
Affected Products
- F-Secure Anti-Virus 2010
- F-Secure Anti-Virus 2011
- F-Secure Internet Security 2010
- F-Secure Internet Security 2011
- F-Secure Protection Service for Business - Workstation 9.0
- F-Secure Protection Service for Consumers 9.0
References