Signature Detail

Short Name	HTTP:STC:ACTIVEX:UBISOFT-UPLAY
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Ubisoft Uplay Plugin Unsafe ActiveX Control
Release Date	2013/09/02
Update Number	2295
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Ubisoft Uplay Plugin Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Ubisoft Uplay. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.

Affected Products

ubi uplay_pc 2.0
ubi uplay_pc 2.0.1
ubi uplay_pc 2.0.2
ubi uplay_pc up to 2.0.3

References

CVE: CVE-2012-4177

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Ubisoft Uplay Plugin Unsafe ActiveX Control

Extended Description

Affected Products

References