HTTP: Microsoft Internet Explorer Image Tag Unsafe Activex
This signature detects attempts to use unsafe ActiveX controls against Microsoft Internet Explorer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs. The method caching variant of this attack is also reported to work. This is similar to the vulnerability described in BID 9108. This issue could potentially be exploited to execute arbitrary code or be used in other attacks.
Affected Products
Avaya s8100_media_servers,Microsoft internet_explorer
Short Name
HTTP:STC:ACTIVEX:IEMOUSE-IMGTAG
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Activex CVE-2004-0841 Explorer Image Internet Microsoft Tag Unsafe bid:10690
Release Date
04/12/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Avaya
Microsoft
CVSS Score
5.0