Signature Detail

HTTP: Sun Java Runtime Environment Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Sun Java Runtime Environment. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Java Runtime Environment (JRE) is prone to arbitrary code-execution vulnerabilities that affect multiple Java plugins for multiple browsers. Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications. The issues affect Java Runtime Environment versions 1.6.0_10 and later (JRE 6 Update 10 and later); other versions may also be vulnerable.

Affected Products

• Sun JRE (Linux Production Release) 1.6.0 10
• Sun JRE (Linux Production Release) 1.6.0 11
• Sun JRE (Linux Production Release) 1.6.0 12
• Sun JRE (Linux Production Release) 1.6.0 13
• Sun JRE (Linux Production Release) 1.6.0 14
• Sun JRE (Linux Production Release) 1.6.0 15
• Sun JRE (Linux Production Release) 1.6.0 18
• Sun JRE (Linux Production Release) 1.6.0 19
• Sun JRE (Windows Production Release) 1.6.0 10
• Sun JRE (Windows Production Release) 1.6.0 11
• Sun JRE (Windows Production Release) 1.6.0 12
• Sun JRE (Windows Production Release) 1.6.0 13
• Sun JRE (Windows Production Release) 1.6.0 14
• Sun JRE (Windows Production Release) 1.6.0 15
• Sun JRE (Windows Production Release) 1.6.0 18
• Sun JRE (Windows Production Release) 1.6.0 19

References

• BugTraq: 34931
• BugTraq: 39346
• BugTraq: 53960
• BugTraq: 25473
• CVE: CVE-2007-4467
• CVE: CVE-2010-0887
• CVE: CVE-2010-1423
• CVE: CVE-2010-0886
• CVE: CVE-2009-1671
• CVE: CVE-2012-1723
• CVE: CVE-2013-2416