Signature Detail
Short Name |
HTTP:STC:ACTIVEX:VIELIB |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Vmware VIELIB.DLL Unsafe ActiveX Control |
Release Date |
2007/11/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Vmware VIELIB.DLL Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in Vmware. An attacker can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
An ActiveX control installed with VMware is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible. These issues affect VMware 6.0.0; other versions may also be affected.
Affected Products
- VMWare ACE 1.0.3
- VMWare ACE 2.0.0
- VMWare Player 1.0.4
- VMWare Player 2.0.0
- VMWare Server 1.0.3
- VMWare Workstation 5.5.0
- VMWare Workstation 5.5.4
- VMWare Workstation 6.0.0
References
- BugTraq: 25131
- CVE: CVE-2007-4155