HTTP: VMWare Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in VMWare ActiveX Control. An attacker can create a malicious Web page containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to run code of their choice with the victim's privileges,
Extended Description
An ActiveX control installed with VMware is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible. This issue affects VMware 6.0.0; other versions may also be affected.
Affected Products
Vmware workstation
Short Name
HTTP:STC:CLSID:ACTIVEX:VMWARE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-4058 Control Unsafe VMWare bid:25118
Release Date
08/21/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Vmware
CVSS Score
4.3