HTTP: Microsoft Visual FoxPro ActiveX Vulnerability
This signature detects attempts to exploit a known vulnerability in Microsoft Visual FoxPro. Attackers can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, can allow the attacker to gain control of the target system.
Extended Description
Microsoft Visual FoxPro ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.
Affected Products
Nortel_networks contact_center_manager_server
Short Name
HTTP:STC:CLSID:ACTIVEX:FPOLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-4790 FoxPro Microsoft Visual Vulnerability bid:25571
Release Date
09/21/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
7.5