Short Name |
HTTP:STC:ACTIVEX:OFFICEVIEW-DOS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service |
Release Date |
2011/07/27 |
Update Number |
1963 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use unsafe ActiveX controls in Office Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to carry out a denial of service attack against the victim's client browser.
Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer). Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.