HTTP: MS Rich TextBox Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Microsoft MSRICH textbox. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Mircrosoft Rich TextBox Control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer). Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. This issue affects 'richtx32.ocx' 6.1.97.82; other versions may also be affected. NOTE: This BID is being retired because the issue is not exploitable. The ActiveX control is not marked 'Safe for Scripting'.
Affected Products
Microsoft rich_textbox_control
Short Name
HTTP:STC:ACTIVEX:RICHTXT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2008-0237 Control MS Rich TextBox Unsafe bid:27201
Release Date
08/27/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.8