HTTP: Ultra Office Unsafe ActiveX
This signature detects attempts to use unsafe ActiveX control in Ultra Office. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.
Affected Products
Ultrashareware ultra_office_control
Short Name
HTTP:STC:ACTIVEX:ULTRAOFFIC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2008-3879 Office Ultra Unsafe bid:30861 bid:30863
Release Date
06/14/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Ultrashareware
CVSS Score
9.3