Signature Detail

HTTP: Microsoft Internet Explorer XML Remote Command Execution

This signature detects attempts to use unsafe ActiveX controls in XML Core Services. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft XML Core Services versions 3.0, 4.0, 5.0, and 6.0 are affected.

Affected Products

• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Conferencing Standard Edition 6.0
• Avaya Conferencing Standard Edition 6.0 SP1
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server 5.2
• Microsoft XML Core Services 3.0
• Microsoft XML Core Services 4.0
• Microsoft XML Core Services 5.0
• Microsoft XML Core Services 6.0

References

• BugTraq: 53934
• BugTraq: 25301
• CVE: CVE-2007-0099
• CVE: CVE-2008-4029
• CVE: CVE-2007-2223
• CVE: CVE-2012-1889
• CVE: CVE-2008-4033
• URL: http://www.microsoft.com/technet/security/Bulletin/MS08-069.mspx