HTTP: Office Viewer 'OA.ocx' ActiveX Unsafe Method Denial of Service
This signature detects attempts to use unsafe ActiveX controls in Office Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to carry out a denial of service attack against the victim's client browser.
Extended Description
Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer). Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.
Affected Products
Office_ocx office_viewer
Short Name
HTTP:STC:ACTIVEX:OFFICEVIEW-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
'OA.ocx' ActiveX CVE-2007-2588 CVE-2009-0382 Denial Method Office Service Unsafe Viewer bid:23811 bid:33238 bid:33243 bid:33245 of
Release Date
07/27/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Paltalk
Office_ocx
CVSS Score
9.3
4.3