HTTP: Microsoft Internet Explorer Speech API 4 Dangerous ActiveX
This signature detects attempts to exploit a known vulnerability in Internet Explorer (IE). An attacker can create a malicious Web page containing dangerous ActiveX CLSID references, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects. An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
Short Name
HTTP:STC:ACTIVEX:SPEECH-API
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
4 API ActiveX CVE-2007-2222 Dangerous Explorer Internet Microsoft Speech bid:24426
Release Date
06/12/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3