Signature Detail
Short Name |
HTTP:STC:ACTIVEX:NETSPRINTTBAR |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
NetSprint Toolbar Unsafe ActiveX Control |
Release Date |
2012/12/18 |
Update Number |
2211 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: NetSprint Toolbar Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in the NetSprint Toolbar. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser, resulting in a user-level arbitrary code execution.
Extended Description
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed. NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.
Affected Products
- NetSprint NetSprint Toolbar 1.1
References
- BugTraq: 23530
- CVE: CVE-2007-2678