Signature Detail

HTTP: Microsoft Visual FoxPro ActiveX Vulnerability

This signature detects attempts to exploit a known vulnerability in Microsoft Visual FoxPro. Attackers can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the target system.

Extended Description

Microsoft Visual FoxPro ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

Affected Products

• HP Storage Management Appliance 2.1
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0
• Microsoft Visual FoxPro 6.0
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Centrex IP Client Manager 10.0
• Nortel Networks Centrex IP Client Manager 9.0
• Nortel Networks Contact Center
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC

References

• BugTraq: 25571
• CVE: CVE-2007-4790
• URL: http://www.sans.org/newsletters/risk/display.php?v=7&i=37&rss=Y#widely4
• URL: http://www.microsoft.com/technet/security/bulletin/MS07-010.mspx
• URL: http://www.milw0rm.com/exploits/4369