Short Name |
HTTP:STC:ACTIVEX:QUEST-INTRUST |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Quest InTrust ArDoc.dll ActiveX |
Release Date |
2012/04/11 |
Update Number |
2115 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use unsafe ActiveX controls in the Quest InTrust ArDoc.dll. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Quest InTrust is prone to multiple insecure-method vulnerabilities. Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may be able to execute arbitrary code with user-level privileges. Quest InTrust 10.4.X is vulnerable; other versions may also be affected.