Signature Detail

Short Name	HTTP:STC:ACTIVEX:QUEST-TOAD-DBA
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Quest Toad DBA Suite for Oracle ActiveX
Release Date	2012/04/11
Update Number	2115
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Quest Toad DBA Suite for Oracle ActiveX

This signature detects attempts to use unsafe ActiveX controls in Quest Toad DBA Suite. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Quest Toad DBA Suite for Oracle ActiveX control is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer).

Affected Products

Quest Software Toad DBA Suite for Oracle

References

BugTraq: 52920
URL: http://support.microsoft.com/kb/240797
URL: http://www.quest.com/toad-dba-suite-for-oracle/

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Quest Toad DBA Suite for Oracle ActiveX

Extended Description

Affected Products

References