This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:MS-IE-WMS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Microsoft WMS Arbitrary File Write Vulnerability
|
Release Date |
2007/05/08
|
Update Number |
1213
|
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft WMS Arbitrary File Write Vulnerability
This signature detects an issue in Windows Media Services Authoring Objects where a malicious user can write an arbitrary file on the affected system.
Extended Description
The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Affected Products
- Avaya customer_interaction_express_(cie)_server 1.0
- Avaya customer_interaction_express_(cie)_user_interface 1.0
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Avaya messaging_application_server
- Hp storage_management_appliance 2.1
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP4
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_vista Business
- Microsoft windows_vista Enterprise
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Ultimate
- Microsoft windows_vista
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP2
- Nortel_networks callpilot 1002Rp
- Nortel_networks callpilot 200I
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 702T
- Nortel_networks callpilot 703T
- Nortel_networks centrex_ip_client_manager
- Nortel_networks contact_center
- Nortel_networks contact_center_administration
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager
- Nortel_networks contact_center_manager_server
- Nortel_networks contact_center_multimedia
- Nortel_networks contact_center_web_client
- Nortel_networks symposium_agent
References