Signature Detail

HTTP: Microsoft Visual FoxPro ActiveX Vulnerability

This signature detects attempts to exploit a known vulnerability in Microsoft Visual FoxPro. Attackers can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the target system.

Extended Description

Microsoft Visual FoxPro ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

Affected Products

• Hp storage_management_appliance 2.1
• Microsoft internet_explorer 5.0.1
• Microsoft internet_explorer 6.0
• Microsoft internet_explorer 6.0 SP1
• Microsoft internet_explorer 7.0
• Microsoft visual_foxpro 6.0
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 200I
• Nortel_networks callpilot 201I
• Nortel_networks callpilot 702T
• Nortel_networks callpilot 703T
• Nortel_networks centrex_ip_client_manager 10.0
• Nortel_networks centrex_ip_client_manager 9.0
• Nortel_networks contact_center
• Nortel_networks contact_center_express
• Nortel_networks contact_center_manager_server
• Nortel_networks contact_center_ncc

References

• BugTraq: 25571
• CVE: CVE-2007-4790
• URL: http://www.sans.org/newsletters/risk/display.php?v=7&i=37&rss=Y#widely4
• URL: http://www.microsoft.com/technet/security/bulletin/MS07-010.mspx
• URL: http://www.milw0rm.com/exploits/4369