HTTP: Internet Explorer CreateObject ActiveX Vulnerability

This signature detects attempts to exploit a known vulnerability in Internet Explorer. An attacker can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Affected Products

Microsoft data_access_components_(mdac)

References

BugTraq: 17462

CVE: CVE-2006-0003

Short Name
HTTP:STC:CLSID:ACTIVEX:CREATEOB
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2006-0003 CreateObject Explorer Internet Vulnerability bid:17462
Release Date
10/09/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Hitachi

Microsoft

CVSS Score

5.1

Found a potential security threat?