Short Name |
HTTP:STC:ACTIVEX:F-SECURE-MC |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
F-Secure Multiple Products ActiveX SEH Overwrite Memory Corruption |
Release Date |
2011/08/29 |
Update Number |
1981 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to use unsafe ActiveX controls in F-Secure. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Multiple F-Secure products are prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application that uses the affected ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. The following products are affected: F-Secure Anti-Virus 2010 and 2011 F-Secure Internet Security 2010 and 2011 F-Secure Protection Service for Consumers 9 F-Secure Protection Service for Business - Workstation security 9