Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:ACTIVEX:MS-OWC

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Office Web Components Activex

Release Date

 2011/07/15

Update Number

 1956

Supported Platforms

 idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Office Web Components Activex


This signature detects attempts to use unsafe ActiveX controls in Microsoft Office Web Components. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft Office Web Components (OWC) are a collection of ActiveX objects which provide limited Office functionality to web pages. OWC is installed by default with both Office 2000 and Office XP. A vulnerability has been reported within some versions of the OWC Spreadsheet component. It is possible for a web page using this component to read the content of any known local file.

Affected Products

  • Microsoft Office Web Components 2000
  • Microsoft Office Web Components 2002
  • Microsoft Project 2000
  • Microsoft Project 2002
  • Microsoft Project 2002

References

  • BugTraq: 4449
  • BugTraq: 4453
  • BugTraq: 4457
  • CVE: CVE-2006-3868
  • CVE: CVE-2002-0861
  • CVE: CVE-2002-0727
  • CVE: CVE-2002-0860

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out