Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:IEMOUSE-IMGTAG |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer Image Tag Unsafe Activex |
Release Date |
2013/04/12 |
Update Number |
2254 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Internet Explorer Image Tag Unsafe Activex
This signature detects attempts to use unsafe ActiveX controls against Microsoft Internet Explorer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs. The method caching variant of this attack is also reported to work. This is similar to the vulnerability described in BID 9108. This issue could potentially be exploited to execute arbitrary code or be used in other attacks.
Affected Products
- Avaya definityone_media_servers
- Avaya ip600_media_servers
- Avaya modular_messaging_(mss) 1.1.0
- Avaya modular_messaging_(mss) 2.0.0
- Avaya s3400_message_application_server
- Avaya s8100_media_servers
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 5.0.1 SP1
- Microsoft internet_explorer 5.0.1 SP2
- Microsoft internet_explorer 5.0.1 SP3
- Microsoft internet_explorer 5.0.1 SP4
- Microsoft internet_explorer 5.5
- Microsoft internet_explorer 5.5 SP1
- Microsoft internet_explorer 5.5 SP2
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
References
- BugTraq: 10690
- CVE: CVE-2004-0841