HTTP: Oracle Data Control ORADC ActiveX Control Code Execution (2)
This signature detects attempts to exploit a known vulnerability in Oracle Data Control (ORADC) ActiveX Object. An attacker can create a malicious Web site containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client system.
Extended Description
Oracle ORADC ActiveX control is prone to a remote code-execution vulnerability. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
Affected Products
Oracle oracle_objects_for_ole
Short Name
HTTP:STC:CLSID:ACTIVEX:ORADC2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(2) ActiveX Code Control Data Execution ORADC Oracle bid:22026
Release Date
01/30/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle