Signature Detail
Short Name |
HTTP:STC:ACTIVEX:PICTUREPUSHER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft PicturePusher PipPPush.dll Unsafe ActiveX Control |
Release Date |
2012/11/10 |
Update Number |
2202 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft PicturePusher PipPPush.dll Unsafe ActiveX Control
This signature detects attempts to use an unsafe ActiveX control in the Microsoft PicturePusher. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a vulnerability that lets attackers download arbitrary files. Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage. Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The affected ActiveX control may be a component of Microsoft Digital Image 2006 Starter Edition. 'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected.
Affected Products
- Microsoft Digital Image Suite 2006
- Microsoft PipPPush.dll 7.00.0709
References
- BugTraq: 31632
- CVE: CVE-2008-4493