Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:CLSID:ACTIVEX:CREATEOB |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Internet Explorer CreateObject ActiveX Vulnerability |
Release Date |
2007/10/09 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Internet Explorer CreateObject ActiveX Vulnerability
This signature detects attempts to exploit a known vulnerability in Internet Explorer. An attacker can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
Affected Products
- Hitachi da_broker_for_odbc 01-00
- Hitachi da_broker_for_odbc 01-02
- Hitachi dbpartner2_client 01-00
- Hitachi dbpartner2_client 01-05
- Hitachi dbpartner2_client 01-12
- Hitachi dbpartner_odbc 01-00
- Hitachi dbpartner_odbc 01-03
- Hitachi dbpartner_odbc 01-06
- Hitachi dbpartner_odbc 01-11
- Hitachi hitsenser5 01-00
- Hitachi hitsenser5 01-10
- Hitachi hitsenser5 02-80
- Microsoft data_access_components_(mdac) 2.5 SP3
- Microsoft data_access_components_(mdac) 2.7
- Microsoft data_access_components_(mdac) 2.7 SP1
- Microsoft data_access_components_(mdac) 2.8
- Microsoft data_access_components_(mdac) 2.8 SP1
- Microsoft data_access_components_(mdac) 2.8 SP2
References
- BugTraq: 17462
- CVE: CVE-2006-0003