Short Name |
HTTP:STC:ACTIVEX:ICQPHONE-EXEC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ICQPhone SipxPhoneManager ActiveX Arbitrary Code Execution |
Release Date |
2006/11/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the ICQ ICQPhone SipxPhoneManager ActiveX Control. ICQ version 5.1 is vulnerable. Successful attackers can execute remote code in the context of the logged in user.
The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability. An attacker could exploit this issue simply by sending a message to a victim ICQ user. Successful exploits could allow the attacker to execute arbitrary code. The ICQPhone.SipxPhoneManager ActiveX control with the following CLSID is affected: 54BDE6EC-F42F-4500-AC46-905177444300