HTTP: Microsoft WMS Arbitrary File Write Vulnerability
This signature detects an issue in Windows Media Services Authoring Objects where a malicious user can write an arbitrary file on the affected system.
Extended Description
The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_standard_edition
Short Name
HTTP:STC:ACTIVEX:MS-IE-WMS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2007-2221 File Microsoft Vulnerability WMS Write bid:23827
Release Date
05/08/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3