Short Name |
HTTP:STC:ACTIVEX:NETSPRINTTBAR |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
NetSprint Toolbar Unsafe ActiveX Control |
Release Date |
2012/12/18 |
Update Number |
2211 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to use unsafe ActiveX controls in the NetSprint Toolbar. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser, resulting in a user-level arbitrary code execution.
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed. NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.