Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:OFFICEVIEW-DOS |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service |
Release Date |
2011/07/27 |
Update Number |
1963 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service
This signature detects attempts to use unsafe ActiveX controls in Office Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to carry out a denial of service attack against the victim's client browser.
Extended Description
Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer). Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.
Affected Products
- Office_ocx office_viewer 3.2
- Office_ocx office_viewer 3.2.0.5
- Paltalk paltalk_messenger 10.0
References
- BugTraq: 23811
- BugTraq: 33238
- BugTraq: 33243
- BugTraq: 33245
- CVE: CVE-2009-0382
- CVE: CVE-2007-2588
- URL: http://www.officeocx.com/OfficeActiveX.htm
- URL: http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html