Short Name |
HTTP:STC:ACTIVEX:HPIS-DATA-MGR |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HP Instant Support HPISDataManager.dll Unsafe ActiveX Control |
Release Date |
2012/11/05 |
Update Number |
2200 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use an unsafe ActiveX control in HP Instant Support. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
HP Instant Support ActiveX control in 'HPISDataManager.dll' is prone to a vulnerability that lets attackers download arbitrary files. Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage. Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The attacker can also specify arbitrary download locations on the target system. NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.