HTTP: Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Command Execution
This signature detects attempts to exploit a known vulnerability in Visual FoxPro vfp6r.dll DoCmd ActiveX Control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer). Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected. NOTE: This BID is being retired because the issue is not exploitable. The ActiveX control is not marked 'Safe for Scripting'.
Affected Products
Microsoft visual_foxpro
Short Name
HTTP:STC:ACTIVEX:VFP6R
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2008-0236 Command DoCmd Execution FoxPro Microsoft Visual bid:27205 vfp6r.dll
Release Date
05/20/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.8