Short Name |
HTTP:STC:ACTIVEX:QUEST-PNLLMCLI |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Quest vWorkspace pnllmcli.dll ActiveX |
Release Date |
2012/04/11 |
Update Number |
2115 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use unsafe ActiveX controls in Quest vWorkspace. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Quest vWorkspace ActiveX control is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer). vWorkspace 7.5 is vulnerable; other versions may also be affected.