Signature Detail
Short Name |
HTTP:STC:ACTIVEX:VMWARE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
VMWare COM API Unsafe ActiveX Control |
Release Date |
2008/09/16 |
Update Number |
1291 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: VMWare COM API Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in VMWare. An attacker can create a malicious Web site with Web pages containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Multiple VMware ActiveX controls are prone to multiple unspecified security issues. Very little information is known about these issues. We will update this BID as soon as more information becomes available.
Affected Products
- VMWare ACE 1.0.7
- VMWare ACE 1.0.7 build 108880
- VMWare ACE 2.0.5
- VMWare ACE 2.0.5 build 109488
- VMWare Fusion 1.0
- VMWare Fusion 1.1.0
- VMWare Fusion 1.1.1
- VMWare Fusion 1.1.2
- VMWare Fusion 1.1.2 Build 87978
- VMWare Player 1.0.8
- VMWare Player 1.0.8 build 108000
- VMWare Player 2.0.5
- VMWare Player 2.0.5 build 109488
- VMWare Server 1.0.7
- VMWare Server 1.0.7 Build 108231
- VMWare Workstation 5.5.8
- VMWare Workstation 5.5.8 build 108000
- VMWare Workstation 6.0.5
- VMWare Workstation 6.0.5 build 109488
References
- CVE: CVE-2008-3892
- CVE: CVE-2008-3691
- URL: http://www.milw0rm.com/exploits/6345