HTTP: AOL Instant Messenger Shell.Application ActiveX Vulnerability
This signature detects attempts to exploit a known vulnerability against AOL Instant Messenger. An attacker can create malicious Web pages, which if accessed by a victim, can lead to the attacker gaining control of the victim's client browser.
Extended Description
AOL Instant Messenger is prone to a remote script-code-execution vulnerability. An attacker may leverage this issue to execute arbitrary script code in the notification window of an unsuspecting user. This may help the attacker launch other attacks.
Affected Products
Aol instant_messenger
References
BugTraq: 25659
CVE: CVE-2007-4901
URL: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924
Short Name
HTTP:STC:CLSID:ACTIVEX:SHELLAPP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AOL ActiveX CVE-2007-4901 Instant Messenger Shell.Application Vulnerability bid:25659
Release Date
11/29/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Aol
CVSS Score
5.8