HTTP: Sun Java Runtime Environment Unsafe ActiveX Control
This signature detects attempts to use unsafe ActiveX controls in Sun Java Runtime Environment. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Java Runtime Environment (JRE) is prone to arbitrary code-execution vulnerabilities that affect multiple Java plugins for multiple browsers. Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications. The issues affect Java Runtime Environment versions 1.6.0_10 and later (JRE 6 Update 10 and later); other versions may also be vulnerable.
Affected Products
Sun jre_(windows_production_release)
Short Name
HTTP:STC:JAVA:JAVADEPLOY-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-4467 CVE-2009-1671 CVE-2010-0886 CVE-2010-0887 CVE-2010-1423 CVE-2012-1723 CVE-2013-2416 Control Environment Java Runtime Sun Unsafe bid:25473 bid:34931 bid:39346 bid:53960
Release Date
04/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sun
CVSS Score
9.3
10.0
4.3