Short Name |
HTTP:STC:ACTIVEX:OFFICE-OCX |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office OCX Unsafe ActiveX Control |
Release Date |
2009/01/29 |
Update Number |
1360 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit and known vulnerability in Office OCX. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks. The following ActiveX controls are vulnerable: Office Viewer OCX 3.0.1 Word Viewer OCX 3.2 PowerPoint Viewer OCX 3.1 Excel Viewer OCX 3.2