Signature Detail
Short Name |
HTTP:STC:ACTIVEX:JNPR-SSL-VPN |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Juniper SSL-VPN Client ActiveX Control |
Release Date |
2011/10/26 |
Update Number |
2017 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Juniper SSL-VPN Client ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Juniper SSL-VPN Client. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the client application.
Extended Description
Juniper SSL-VPN Client ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. Invoking the object from a malicious website may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.
Affected Products
- Juniper Networks SSL-VPN Client
References
- BugTraq: 17712
- CVE: CVE-2006-2086