Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:ACTIVEX:JBOX

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Yahoo! Music Jukebox ActiveX Control Access

Release Date

 2008/02/11

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Yahoo! Music Jukebox ActiveX Control Access


This signature detects attempts to exploit a known vulnerability in Yahoo! Music Jukebox ActiveX Control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Affected Products

  • Hp storage_management_appliance 2.1
  • Microsoft internet_explorer 5.0.1
  • Microsoft internet_explorer 5.0.1 SP1
  • Microsoft internet_explorer 5.0.1 SP2
  • Microsoft internet_explorer 5.0.1 SP3
  • Microsoft internet_explorer 5.0.1 SP4
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft windows_server_2003 SP1
  • Microsoft windows_server_2003 SP2
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_server_2003_datacenter_x64_edition SP2
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_enterprise_x64_edition SP2
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_server_2003_itanium SP1
  • Microsoft windows_server_2003_itanium SP2
  • Microsoft windows_server_2003_itanium
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_standard_edition SP2
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_server_2003_standard_x64_edition
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft windows_server_2003_web_edition SP2
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_x64 SP1
  • Microsoft windows_server_2003_x64 SP2
  • Microsoft windows_server_2008_datacenter_edition Release Candidate
  • Microsoft windows_server_2008_datacenter_edition
  • Microsoft windows_server_2008_enterprise_edition Release Candidate
  • Microsoft windows_server_2008_enterprise_edition
  • Microsoft windows_server_2008_for_32-bit_systems
  • Microsoft windows_server_2008_for_itanium-based_systems
  • Microsoft windows_server_2008_for_x64-based_systems
  • Microsoft windows_server_2008_standard_edition
  • Microsoft windows_vista Business
  • Microsoft windows_vista Business SP1
  • Microsoft windows_vista Enterprise
  • Microsoft windows_vista Enterprise SP1
  • Microsoft windows_vista Home Basic
  • Microsoft windows_vista Home Basic SP1
  • Microsoft windows_vista Home Premium
  • Microsoft windows_vista Ultimate
  • Microsoft windows_vista Ultimate SP1
  • Microsoft windows_vista
  • Microsoft windows_vista_business_64-bit_edition SP1
  • Microsoft windows_vista_business_64-bit_edition
  • Microsoft windows_vista_enterprise_64-bit_edition SP1
  • Microsoft windows_vista_enterprise_64-bit_edition
  • Microsoft windows_vista_home_basic_64-bit_edition SP1
  • Microsoft windows_vista_home_basic_64-bit_edition
  • Microsoft windows_vista_home_premium_64-bit_edition SP1
  • Microsoft windows_vista_home_premium_64-bit_edition
  • Microsoft windows_vista_ultimate_64-bit_edition SP1
  • Microsoft windows_vista_ultimate_64-bit_edition
  • Microsoft windows_vista_x64_edition
  • Microsoft windows_xp_home SP1
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_home
  • Microsoft windows_xp_media_center_edition SP1
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_professional_x64_edition SP2
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_xp_tablet_pc_edition
  • Nortel_networks callpilot 1002Rp
  • Nortel_networks callpilot 200I
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 702T
  • Nortel_networks callpilot 703T

References

  • BugTraq: 28606
  • BugTraq: 27578
  • BugTraq: 27579
  • CVE: CVE-2008-1086
  • CVE: CVE-2008-0625

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out