HTTP: Cowon jetAudio ActiveX Directory Traversal
This signature detects attempts to use unsafe ActiveX controls in Cowon jetAudio. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to save file at arbitrary place accessible by the victim's client browser.
Extended Description
jetAudio is prone to a vulnerability that lets attackers overwrite arbitrary files. The problem stems from an insecure method caused by a design error in the affected application. An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This issue affects jetAudio 7.0.3 Basic; other versions may also be affected.
Affected Products
Cowon_america jetaudio_basic
Short Name
HTTP:STC:ACTIVEX:JETAUDIO-DIR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-4983 Cowon Directory Traversal bid:25723 jetAudio
Release Date
08/31/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cowon_america
CVSS Score
10.0