This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ACTIVEX:XML-CORE-3-0
|
Severity |
Major
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
Microsoft XML Core Services 3.0 ActiveX Control
|
Release Date |
2008/11/11
|
Update Number |
1307
|
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft XML Core Services 3.0 ActiveX Control
This signature detects attempts to exploit a known vulnerability in Microsoft XML Core Services 3.0. An attacker can create a malicious Web site containing dangerous ActiveX controls, which if accessed by a victim, allows the attacker to cause a buffer overflow and perform arbitrary remote code execution within the context of the user.
Extended Description
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks.
An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.
Affected Products
- Avaya messaging_application_server MM 1.1
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Avaya messaging_application_server
- Hp storage_management_appliance 2.1
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft xml_core_services 3.0
- Microsoft xml_core_services 4.0
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 600R
- Nortel_networks callpilot 703T
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager
- Nortel_networks contact_center_manager_server
- Nortel_networks contact_center_ncc
- Nortel_networks contact_center-tapi_server
- Nortel_networks self-service-ccss7
- Nortel_networks self-service_ccxml
- Nortel_networks self-service_media_processing_server
- Nortel_networks self-service_mps_100
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_peri_application
- Nortel_networks self-service_peri_workstation
- Nortel_networks self-service_speech_server
- Nortel_networks self_service_voicexml
- Nortel_networks self-service_wvads
- Nortel_networks symposium_agent
References