HTTP: Dangerous ClassID in ActiveX Object Type 23
This signature detects attempts to exploit a known vulnerability against Internet Explorer. Malicious Web sites, containing dangerous ActiveX CLSID references can exploit this vulnerability and gain control of client browsers.
Extended Description
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that is exposed when certain COM objects are instantiated as ActiveX controls. A malicious webpage could pass content to these objects to trigger memory corruption. Successful exploits could let remote attackers execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft internet_explorer
References
BugTraq: 14511
CVE: CVE-2005-1990
URL: http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/Security/bulletin/ms05-038.mspx
Short Name
HTTP:STC:CLSID:ACTIVEX:AX-23
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
23 ActiveX CVE-2005-1990 ClassID Dangerous Object Type bid:14511 in
Release Date
08/09/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.1