HTTP: Internet Explorer Developer Tool Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Microsoft Internet Explorer Developer Tool. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer 8 Developer Tools ('iedvtool.dll') ActiveX control is prone to a remote code-execution vulnerability that stems from a memory-corruption issue. An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2008_for_x64-based_systems
Short Name
HTTP:STC:ACTIVEX:DEV-TOOL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2010-0811 Control Developer Explorer Internet Tool Unsafe bid:40490
Release Date
06/08/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3