Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:CLSID:ACTIVEX:VML-AX

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 VMLRender ActiveX

Release Date

 2007/11/15

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: VMLRender ActiveX


This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. Attackers can create malicious Web pages containing dangerous Class ID, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft Windows is prone to a buffer-overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

Affected Products

  • Avaya messaging_application_server
  • Avaya s8100_media_servers R10
  • Avaya s8100_media_servers R11
  • Avaya s8100_media_servers R12
  • Avaya s8100_media_servers R6
  • Avaya s8100_media_servers R7
  • Avaya s8100_media_servers R8
  • Avaya s8100_media_servers R9
  • Avaya s8100_media_servers
  • Hp storage_management_appliance 2.1
  • Microsoft internet_explorer 5.0.1
  • Microsoft internet_explorer 5.0.1 SP1
  • Microsoft internet_explorer 5.0.1 SP2
  • Microsoft internet_explorer 5.0.1 SP3
  • Microsoft internet_explorer 5.0.1 SP4
  • Microsoft internet_explorer 6.0
  • Microsoft internet_explorer 6.0 SP1
  • Microsoft internet_explorer 7.0
  • Microsoft internet_explorer 7.0 Beta1
  • Microsoft internet_explorer 7.0 Beta2
  • Microsoft internet_explorer 7.0 Beta3
  • Microsoft windows_2000_advanced_server SP1
  • Microsoft windows_2000_advanced_server SP2
  • Microsoft windows_2000_advanced_server SP3
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft windows_2000_advanced_server
  • Microsoft windows_2000_datacenter_server SP1
  • Microsoft windows_2000_datacenter_server SP2
  • Microsoft windows_2000_datacenter_server SP3
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_datacenter_server
  • Microsoft windows_2000_professional SP1
  • Microsoft windows_2000_professional SP2
  • Microsoft windows_2000_professional SP3
  • Microsoft windows_2000_professional SP4
  • Microsoft windows_2000_professional
  • Microsoft windows_2000_server SP1
  • Microsoft windows_2000_server SP2
  • Microsoft windows_2000_server SP3
  • Microsoft windows_2000_server SP4
  • Microsoft windows_2000_server
  • Microsoft windows_server_2003 SP2
  • Microsoft windows_server_2003_datacenter_edition SP1
  • Microsoft windows_server_2003_datacenter_edition
  • Microsoft windows_server_2003_datacenter_edition_itanium SP1
  • Microsoft windows_server_2003_datacenter_edition_itanium
  • Microsoft windows_server_2003_datacenter_x64_edition SP2
  • Microsoft windows_server_2003_datacenter_x64_edition
  • Microsoft windows_server_2003_enterprise_edition SP1
  • Microsoft windows_server_2003_enterprise_edition
  • Microsoft windows_server_2003_enterprise_edition_itanium SP1
  • Microsoft windows_server_2003_enterprise_edition_itanium
  • Microsoft windows_server_2003_enterprise_x64_edition SP2
  • Microsoft windows_server_2003_enterprise_x64_edition
  • Microsoft windows_server_2003_itanium SP2
  • Microsoft windows_server_2003_standard_edition SP1
  • Microsoft windows_server_2003_standard_edition SP2
  • Microsoft windows_server_2003_standard_edition
  • Microsoft windows_server_2003_standard_x64_edition
  • Microsoft windows_server_2003_web_edition SP1
  • Microsoft windows_server_2003_web_edition SP2
  • Microsoft windows_server_2003_web_edition
  • Microsoft windows_server_2003_x64 SP2
  • Microsoft windows_xp
  • Microsoft windows_xp_home SP1
  • Microsoft windows_xp_home SP2
  • Microsoft windows_xp_home
  • Microsoft windows_xp_media_center_edition SP1
  • Microsoft windows_xp_media_center_edition SP2
  • Microsoft windows_xp_media_center_edition
  • Microsoft windows_xp_professional SP1
  • Microsoft windows_xp_professional SP2
  • Microsoft windows_xp_professional
  • Microsoft windows_xp_professional_x64_edition
  • Microsoft windows_xp_tablet_pc_edition SP1
  • Microsoft windows_xp_tablet_pc_edition SP2
  • Microsoft windows_xp_tablet_pc_edition
  • Nortel_networks callpilot 1002Rp
  • Nortel_networks callpilot 200I
  • Nortel_networks callpilot 201I
  • Nortel_networks callpilot 702T
  • Nortel_networks callpilot 703T
  • Nortel_networks centrex_ip_element_manager 7.0.0
  • Nortel_networks centrex_ip_element_manager 8.0.0
  • Nortel_networks centrex_ip_element_manager 9.0.0
  • Nortel_networks contact_center
  • Nortel_networks contact_center_administration
  • Nortel_networks contact_center_express
  • Nortel_networks contact_center_manager_server
  • Nortel_networks contact_center-tapi_server
  • Nortel_networks symposium_agent

References

  • BugTraq: 21930
  • CVE: CVE-2007-0024
  • URL: http://support.microsoft.com/?kbid=929969
  • URL: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out