HTTP: Microsoft Office Word Viewer ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Microsoft Office Word Viewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Word Viewer ActiveX control is prone to multiple denial-of-service and code-execution vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may also execute arbitrary code in the context of an affected user. Word Viewer ActiveX Control 3.2.0.5 is reported vulnerable; other versions may also be affected.
Affected Products
Office_ocx word_viewer
Short Name
HTTP:STC:ACTIVEX:WORD-VIEWER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-2494 CVE-2007-2496 CVE-2007-2588 Control Microsoft Office Viewer Word bid:23784 bid:23811 bid:33238 bid:33243 bid:33245
Release Date
03/25/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Office_ocx
CVSS Score
9.3
10.0
7.8