Signature Detail
Short Name |
HTTP:STC:CLSID:ACTIVEX:VMWARE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
VMWare ActiveX Control Exploit |
Release Date |
2007/08/21 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: VMWare ActiveX Control Exploit
This signature detects attempts to exploit a known vulnerability in VMWare ActiveX Control. An attacker can create a malicious Web page containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to run code of their choice with the victim's privileges,
Extended Description
An ActiveX control installed with VMware is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible. This issue affects VMware 6.0.0; other versions may also be affected.
Affected Products
- VMWare Workstation 6.0.0
References
- BugTraq: 25118
- CVE: CVE-2007-4058