Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:WMP-SCRIPT |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Media Player Unsafe ActiveX Control |
Release Date |
2012/12/17 |
Update Number |
2211 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Windows Media Player Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX control in the Microsoft Windows Media Player. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.
Affected Products
- Microsoft windows_media_player 11
References
- BugTraq: 35335
- BugTraq: 12031
- BugTraq: 12032
- BugTraq: 39351
- CVE: CVE-2004-1324
- CVE: CVE-2004-1325
- CVE: CVE-2010-0268