HTTP: TLBINF32.DLL ActiveX Control Remote Code Execution Vulnerability
This signature detects attempts to exploit a known vulnerability in Visual Basic 6.0. An attacker can create a malicious Web page that contains dangerous ActiveX method calls, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
Short Name
HTTP:STC:ACTIVEX:VB-TLBINF32
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-2216 Code Control Execution Remote TLBINF32.DLL Vulnerability bid:25289
Release Date
08/14/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Hp
Microsoft
Avaya
CVSS Score
9.3