Signature Detail
Short Name |
HTTP:STC:ACTIVEX:IBIZ-E-BANKING |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IBiz E-Banking Integrator Unsafe Object ActiveX Control |
Release Date |
2012/11/11 |
Update Number |
2202 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IBiz E-Banking Integrator Unsafe Object ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in IBiz E-Banking. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser, resulting in a user-level arbitrary code execution.
Extended Description
An IBiz E-Banking Integrator ActiveX control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer). Successful exploits can compromise affected computers or cause denial-of-service conditions; other attacks are possible. IBiz E-Banking Integrator 2.0 is vulnerable; other versions may also be affected.
Affected Products
- /n software IBiz E-Banking Integrator 2.0
References
- BugTraq: 28700
- CVE: CVE-2008-1725