HTTP: Symantec Client Proxy Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Symantec Client Proxy. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser, resulting in a user-level arbitrary code execution. Symantec AntiVirus versions 10.0.x Prior to 10.1 MR9, 10.1.x prior to MR9, 10.2.x prior to MR4, and Symantec Client Security versions 3.0.x prior to 3.1 MR9 and 3.1.x prior to MR9 are affected.
Extended Description
The Symantec Client Proxy ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. The following are vulnerable: Symantec AntiVirus 10.0.x and 10.1.x prior to 10.1 MR9 Symantec AntiVirus 10.2.x prior to 10.2 MR4 Symantec Client Security 3.0.x and 3.1.x prior to 3.1 MR9
Affected Products
Symantec client_security
Short Name
HTTP:STC:ACTIVEX:SYMC-CLIPROXY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2010-0108 Client Control Proxy Symantec Unsafe bid:38222
Release Date
03/08/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Symantec
CVSS Score
10.0