Signature Detail

HTTP: Microsoft Internet Explorer Image Tag Unsafe Activex

This signature detects attempts to use unsafe ActiveX controls against Microsoft Internet Explorer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs. The method caching variant of this attack is also reported to work. This is similar to the vulnerability described in BID 9108. This issue could potentially be exploited to execute arbitrary code or be used in other attacks.

Affected Products

• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers
• Avaya Modular Messaging (MSS) 1.1.0
• Avaya Modular Messaging (MSS) 2.0.0
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 10690
• CVE: CVE-2004-0841