Signature Detail

HTTP: Dangerous ClassID in ActiveX Object Type 151

This signature detects attempts to exploit a known vulnerability against Internet Explorer. An attacker can create a malicious Web site containing dangerous ActiveX CLSID references, which if accessed by a victim, allows the attacker to gain control of victim's client browsers.

Extended Description

Microsoft Internet Explorer is prone to a memory corruption vulnerability that is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code execution in the context of the currently logged in user on the affected computer.

Affected Products

• Avaya definityone_media_servers R10
• Avaya definityone_media_servers R11
• Avaya definityone_media_servers R12
• Avaya definityone_media_servers R6
• Avaya definityone_media_servers R7
• Avaya definityone_media_servers R8
• Avaya definityone_media_servers R9
• Avaya definityone_media_servers
• Avaya ip600_media_servers R10
• Avaya ip600_media_servers R11
• Avaya ip600_media_servers R12
• Avaya ip600_media_servers R6
• Avaya ip600_media_servers R7
• Avaya ip600_media_servers R8
• Avaya ip600_media_servers R9
• Avaya ip600_media_servers
• Avaya modular_messaging_(mas)
• Avaya s8100_media_servers R10
• Avaya s8100_media_servers R11
• Avaya s8100_media_servers R12
• Avaya s8100_media_servers R6
• Avaya s8100_media_servers R7
• Avaya s8100_media_servers R8
• Avaya s8100_media_servers R9
• Avaya s8100_media_servers
• Avaya unified_communications_center_s3400
• Microsoft internet_explorer 5.0.1
• Microsoft internet_explorer 5.0.1 SP1
• Microsoft internet_explorer 5.0.1 SP2
• Microsoft internet_explorer 5.0.1 SP3
• Microsoft internet_explorer 5.0.1 SP4
• Microsoft internet_explorer 5.5
• Microsoft internet_explorer 5.5 SP1
• Microsoft internet_explorer 5.5 SP2
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0 SP1

References

• BugTraq: 15827
• CVE: CVE-2005-2831
• URL: http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx