Short Name |
HTTP:STC:ACTIVEX:IEMOUSE-IMGTAG |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer Image Tag Unsafe Activex |
Release Date |
2013/04/12 |
Update Number |
2254 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use unsafe ActiveX controls against Microsoft Internet Explorer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs. The method caching variant of this attack is also reported to work. This is similar to the vulnerability described in BID 9108. This issue could potentially be exploited to execute arbitrary code or be used in other attacks.