HTTP: Microsoft Windows Media Player Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX control in the Microsoft Windows Media Player. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.
Affected Products
Microsoft windows_media_player
Short Name
HTTP:STC:ACTIVEX:WMP-SCRIPT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2004-1324 CVE-2004-1325 CVE-2010-0268 Control Media Microsoft Player Unsafe Windows bid:12031 bid:12032 bid:35335 bid:39351
Release Date
12/17/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3550
False Positive
Rarely
Vendors
Microsoft
CVSS Score
2.6
9.3
5.0