HTTP: Microsoft HxTocCtrl ActiveX Control Access
This signature detects attempts to exploit a known vulnerability in Microsoft's HxTocCtrl control in hxvz.dll. An attacker can create a malicious Web site containing dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
Affected Products
Microsoft windows_xp
Short Name
HTTP:STC:ACTIVEX:HXVZ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access ActiveX CVE-2008-1086 Control HxTocCtrl Microsoft bid:28606
Release Date
04/08/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3