HTTP: Vantage ActiveX Control Access
This signature detects attempts to exploit a known vulnerability in Vantage. An attacker can create malicious Web pages containing dangerous AcitveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
Affected Products
Avaya messaging_application_server,Microsoft internet_explorer
References
BugTraq: 26506
CVE: CVE-2007-3902
URL: http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
Short Name
HTTP:STC:CLSID:ACTIVEX:VANTAGEX
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access ActiveX CVE-2007-3902 Control Vantage bid:26506
Release Date
12/11/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Hp
Avaya
Microsoft
CVSS Score
9.3