Short Name |
HTTP:STC:CLSID:ACTIVEX:FPOLE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Visual FoxPro ActiveX Vulnerability |
Release Date |
2007/09/21 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Microsoft Visual FoxPro. Attackers can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the target system.
Microsoft Visual FoxPro ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.