Signature Detail
Short Name |
HTTP:STC:ACTIVEX:JETAUDIO-DIR |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cowon jetAudio ActiveX Directory Traversal |
Release Date |
2010/08/31 |
Update Number |
1763 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cowon jetAudio ActiveX Directory Traversal
This signature detects attempts to use unsafe ActiveX controls in Cowon jetAudio. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to save file at arbitrary place accessible by the victim's client browser.
Extended Description
jetAudio is prone to a vulnerability that lets attackers overwrite arbitrary files. The problem stems from an insecure method caused by a design error in the affected application. An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This issue affects jetAudio 7.0.3 Basic; other versions may also be affected.
Affected Products
- COWON America jetAudio Basic 7.0.3
References
- BugTraq: 25723
- CVE: CVE-2007-4983