Signature Detail
Short Name |
HTTP:STC:ACTIVEX:EMV-PIXTOOLS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
EMC Captiva PixTools Distributed Imaging File Creation |
Release Date |
2010/10/11 |
Update Number |
1789 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: EMC Captiva PixTools Distributed Imaging File Creation
This signature detects attempts to exploit a known vulnerability in EMC Captiva PixTools. An attacker can create a Web site with Web pages containing dangerous ActiveX objects and commands, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The EMC Captiva PixTools Distributed Imaging ActiveX control is prone to multiple insecure-method vulnerabilities that affect the PDIControl.PDI.1 ActiveX control (PDIControl.dll). Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files, which may lead to arbitrary code execution. PDIControl.dll 2.2.3160.0 is vulnerable; other versions may also be affected.
Affected Products
- EMC Captiva eInput 1.1
- EMC Captiva eInput 2.0
- EMC Captiva eInput 2.1
- EMC Captiva PixTools 2.2
- EMC PDIControl.dll 2.2.3160.0
- EMC Pixtool Distributed Imaging 2.2
References
- BugTraq: 36566