This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:CLSID:ACTIVEX:AX-41
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Dangerous ClassID in ActiveX Object Type 41
|
Release Date |
2005/08/17
|
Update Number |
1213
|
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Dangerous ClassID in ActiveX Object Type 41
This signature detects Web pages containing dangerous ActiveX CLSID references. Malicious Web sites can exploit a known vulnerability in Internet Explorer and gain control of client browsers.
Extended Description
Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects.
Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer.
This is a variant of the vulnerability described in BID 14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability. The difference between this issue and BID 14511 is that a different set of COM objects are affected that were not addressed in the previous BID.
Affected Products
- Ati catalyst_driver
- Avaya definityone_media_servers R10
- Avaya definityone_media_servers R11
- Avaya definityone_media_servers R12
- Avaya definityone_media_servers R6
- Avaya definityone_media_servers R7
- Avaya definityone_media_servers R8
- Avaya definityone_media_servers R9
- Avaya definityone_media_servers
- Avaya ip600_media_servers R10
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers R12
- Avaya ip600_media_servers R6
- Avaya ip600_media_servers R7
- Avaya ip600_media_servers R8
- Avaya ip600_media_servers R9
- Avaya ip600_media_servers
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R11
- Avaya s8100_media_servers R12
- Avaya s8100_media_servers R6
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers
- Avaya unified_communication_center
- Microsoft internet_explorer 5.0
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 5.0.1 SP1
- Microsoft internet_explorer 5.0.1 SP2
- Microsoft internet_explorer 5.0.1 SP3
- Microsoft internet_explorer 5.0.1 SP4
- Microsoft internet_explorer 5.5
- Microsoft internet_explorer 5.5 SP1
- Microsoft internet_explorer 5.5 SP2
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
- Microsoft .net_framework 1.1
- Microsoft .net_framework 1.1 SP1
- Microsoft .net_framework 1.1 SP2
- Microsoft .net_framework 1.1 SP3
- Microsoft office_2000 SP1
- Microsoft office_2000 SP2
- Microsoft office_2000 SP3
- Microsoft office_2000
- Microsoft office_xp SP1
- Microsoft office_xp SP2
- Microsoft office_xp SP3
- Microsoft office_xp_developer_edition
- Microsoft project_2000
- Microsoft project_2002 SP1
- Microsoft project_2002
- Microsoft project_2002
- Microsoft project_2003 SP1
- Microsoft project_2003
- Microsoft project_98
- Microsoft publisher_99
- Microsoft visio_2002 SP1
- Microsoft visio_2002 SP2
- Microsoft visio_2002
- Microsoft visio_2002_professional SP2
- Microsoft visio_2003 SP1
- Microsoft visio_2003
- Nortel_networks callpilot 3.0.0
- Nortel_networks callpilot 4.0.0
- Nortel_networks centrex_ip_client_manager 2.5.0
- Nortel_networks centrex_ip_client_manager 7.0.0
- Nortel_networks centrex_ip_client_manager 8.0.0
- Nortel_networks centrex_ip_client_manager
- Nortel_networks centrex_ip_element_manager 2.5.0
- Nortel_networks centrex_ip_element_manager 7.0.0
- Nortel_networks centrex_ip_element_manager 8.0.0
References