Signature Detail
Short Name |
HTTP:STC:ACTIVEX:OFFICEVIEW-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service |
Release Date |
2011/07/27 |
Update Number |
1963 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service
This signature detects attempts to use unsafe ActiveX controls in Office Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to carry out a denial of service attack against the victim's client browser.
Extended Description
Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer). Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.
Affected Products
- Office OCX Office Viewer 3.2
- Office OCX Office Viewer 3.2.0.5
- PalTalk PalTalk Messenger 10.0
References
- BugTraq: 33243
- BugTraq: 33238
- BugTraq: 23811
- BugTraq: 33245
- CVE: CVE-2009-0382
- CVE: CVE-2007-2588
- URL: http://moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html
- URL: http://www.officeocx.com/OfficeActiveX.htm