HTTP: Cisco Unity Vulnerable ActiveX Control

This signature detects a common ActiveX control that is vulnerable to the Microsoft Active Template Library (ATL) issues announced in MS09-035. If exploited, this vulnerability allows the execution of code in the context of the logged-in user. Note that this signature is not designed to identify known malicious sites; it simply alerts that a vulnerable and potentially malicious ActiveX control has been accessed. Some enterprise users may want to use these signatures to block known malicious ActiveX controls; however, it is recommended that the full impact be understood and tested before this is done.

Extended Description

Cisco Unity Player is prone to a remote code-execution vulnerability because it was compiled against the Microsoft Active Template Library (ATL). This issue is tracked by Cisco Bug ID CSCta71728. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with SYSTEM-level privileges. Failed exploit attempts will likely result in a denial-of-service condition. This issue is caused by the vulnerabilities described in Microsoft security advisory 973883 and is related to the following BIDs:

35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability

35832 Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

Affected Products

Cisco Unity

Short Name
HTTP:STC:ATL:CISCO-UNITY
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX Cisco Control Unity Vulnerable bid:35847
Release Date
08/11/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Cisco
