Signature Detail
Short Name |
HTTP:STC:ACTIVEX:OFFICE-VIEWER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office Viewer Component ActiveX Control Arbitrary File Overwrite |
Release Date |
2012/11/05 |
Update Number |
2200 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Office Viewer Component ActiveX Control Arbitrary File Overwrite
This signature detects attempts to use unsafe ActiveX controls in the Office Viewer Component. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser to overwrite arbitrary files on the victim's computer.
Extended Description
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers overwrite arbitrary files. Successful exploits may result in denial-of-service conditions. Other attacks are also possible. The following ActiveX controls are vulnerable: Office Viewer OCX 3.0.1 Word Viewer OCX 3.2 PowerPoint Viewer OCX 3.1
Affected Products
- Office OCX Office Viewer OCX 3.2
- Office OCX PowerPoint Viewer OCX 3.1
- Office OCX Word Viewer OCX 3.2
References
- BugTraq: 33238