Signature Detail
Short Name |
HTTP:STC:ACTIVEX:OFFICE-OCX |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office OCX Unsafe ActiveX Control |
Release Date |
2009/01/29 |
Update Number |
1360 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Office OCX Unsafe ActiveX Control
This signature detects attempts to exploit and known vulnerability in Office OCX. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks. The following ActiveX controls are vulnerable: Office Viewer OCX 3.0.1 Word Viewer OCX 3.2 PowerPoint Viewer OCX 3.1 Excel Viewer OCX 3.2
Affected Products
- Office OCX Excel Viewer OCX 3.2
- Office OCX Office Viewer OCX 3.0.1
- Office OCX PowerPoint Viewer OCX 3.1
- Office OCX Word Viewer OCX 3.2
References
- BugTraq: 33243
- BugTraq: 33222
- CVE: CVE-2007-2495
- URL: http://www.juniper.net/security/auto/vulnerabilities/vuln33222.html