HTTP: Yahoo! Music Jukebox ActiveX Control Access
This signature detects attempts to exploit a known vulnerability in Yahoo! Music Jukebox ActiveX Control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
Affected Products
Microsoft windows_server_2003_enterprise_edition_itanium
Short Name
HTTP:STC:ACTIVEX:JBOX
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access ActiveX CVE-2008-0625 CVE-2008-1086 Control Jukebox Music Yahoo! bid:27578 bid:27579 bid:28606
Release Date
02/11/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
9.3
4.3