Signature Detail
Short Name |
HTTP:STC:ACTIVEX:WORD-VIEWER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Office Word Viewer ActiveX Control |
Release Date |
2014/03/24 |
Update Number |
2356 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Office Word Viewer ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Microsoft Office Word Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Word Viewer ActiveX control is prone to multiple denial-of-service and code-execution vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may also execute arbitrary code in the context of an affected user. Word Viewer ActiveX Control 3.2.0.5 is reported vulnerable; other versions may also be affected.
Affected Products
- Office OCX Word Viewer 3.2
- Office OCX Word Viewer 3.2.0.5
References
- BugTraq: 23784
- BugTraq: 33243
- BugTraq: 33238
- BugTraq: 23811
- BugTraq: 33245
- CVE: CVE-2007-2588
- CVE: CVE-2007-2496
- CVE: CVE-2007-2494