Juniper Networks

Signature Detail

Short Name: HTTP:STC:ACTIVEX:VS05-INJ
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Visual Studio Unsafe ActiveX Control Remote Control Execution
Release Date: 2006/12/12
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Visual Studio Unsafe ActiveX Control Remote Control Execution


This signature detects attempts to use unsafe ActiveX controls in Visual Studio. An attacker can create a malicious Web site whose pages contain dangerous ActiveX controls; if a victim accesses such a page, the attacker can gain control of the victim's client application.

Extended Description

Microsoft Visual Studio 2005 is prone to a vulnerability that could allow remote attackers to execute arbitrary code. The issue stems from an unspecified error in the WMI Object Broker ActiveX Control and is triggered when a user visits a malicious website using Internet Explorer. Because arbitrary code execution is possible, a successful exploit could facilitate a complete compromise of the affected system.

Microsoft Visual Studio 2005 is reported affected. Implementations of Visual Studio 2005 on Windows Server 2003 and Windows Server 2003 Service Pack 1 with Enhanced Security activated are not vulnerable, nor are Visual Studio 2005 users who are running Internet Explorer 7 with default security settings.

Affected Products

  • Avaya Agent Access
  • Avaya Basic Call Management System Reporting Desktop server
  • Avaya Basic Call Management System Reporting Desktop
  • Avaya CMS Supervisor
  • Avaya Computer Telephony
  • Avaya Contact Center Express
  • Avaya CVLAN
  • Avaya Enterprise Management
  • Avaya Integrated Management 2.1.0
  • Avaya Integrated Management
  • Avaya Interaction Center
  • Avaya Interaction Center - Voice Quick Start
  • Avaya IP Agent
  • Avaya IP Softphone
  • Avaya Modular Messaging S3400
  • Avaya Modular Messaging (MAS) 3.0.0
  • Avaya Modular Messaging (MAS)
  • Avaya Modular Messaging (MSS) 1.1.0
  • Avaya Modular Messaging (MSS) 2.0.0
  • Avaya Modular Messaging (MSS) 2.0.0 SP4
  • Avaya Network Reporting
  • Avaya OctelAccess® Server
  • Avaya OctelDesigner™
  • Avaya Operational Analyst
  • Avaya Outbound Contact Management
  • Avaya Speech Access
  • Avaya Unified Communication Center
  • Avaya Unified Communications Center S3400
  • Avaya Unified Messenger®
  • Avaya Visual Messenger™
  • Avaya Visual Vector Client
  • Avaya VPNmanager™ Console
  • Avaya Web Messenger
  • Microsoft Visual Studio 2005
  • Microsoft Visual Studio 2005 Professional Edition
  • Microsoft Visual Studio 2005 Standard Edition
  • Microsoft Visual Studio 2005 Team Edition
  • Microsoft Visual Studio 2005 Team Edition for Architects
  • Microsoft Visual Studio 2005 Team Edition for Developers
  • Microsoft Visual Studio 2005 Team Edition for Testers

References

  • BugTraq: 20843
  • CVE: CVE-2006-4704

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.