HTTP: Dangerous ClassID in ActiveX Object Type 07
This signature detects attempts to exploit a known vulnerability against Internet Explorer. Malicious Web sites, containing dangerous ActiveX CLSID references can exploit this vulnerability and gain control of client browsers.
Extended Description
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that is exposed when certain COM objects are instantiated as ActiveX controls. A malicious webpage could pass content to these objects to trigger memory corruption. Successful exploits could let remote attackers execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:CLSID:ACTIVEX:AX-07
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
07 ActiveX CVE-2005-1990 ClassID Dangerous Object Type bid:14511 in
Release Date
08/09/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.1