HTTP: Unsafe Microsoft Video ActiveX Control (2)

This signature detects attempts to use unsafe ActiveX components on Microsoft Windows systems. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX components which, if accessed by a victim, allow the attacker to gain control of the victim's client browser.

Extended Description

The Microsoft Active Template Library (ATL) is prone to a remote code-execution vulnerability. This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are likely unaffected. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition. NOTE: This BID was previously titled "Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability". It has been updated to better reflect the issue.

Affected Products

Nortel_networks self-service_media_processing_server

Nortel_networks communication_control_toolkit

References

BugTraq: 35558 35982 35585

CVE: CVE-2009-2494

Short Name
HTTP:STC:ACTIVEX:MSVIDCTL-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(2) ActiveX CVE-2008-0015 CVE-2009-2494 Control Microsoft Unsafe Video bid:35558 bid:35585 bid:35982
Release Date
07/14/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3725
False Positive
Unknown
Vendors

Nortel_networks

Microsoft

CVSS Score

9.3

10.0
