Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

HTTP:STC:ACTIVEX:DATA-ACTIVEBAR

Severity

Major

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Data Dynamics ActiveBar ActiveX

Release Date

2011/05/05

Update Number

1915

Supported Platforms

idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Data Dynamics ActiveBar ActiveX


This signature detects attempts to use unsafe ActiveX controls in Data Dynamics. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Data Dynamics ActiveBar ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Data Dynamics ActiveBar 1.0.6.5 is vulnerable; other versions may also be affected.

Affected Products

  • Data_dynamics activebar_activex_control 1.0.6.5
  • Ibm rational_system_architect 11.3.0.0
  • Ibm rational_system_architect 11.4.0.0
  • Legacy_family_tree legacy_family_tree 7.5.0.77

References

  • BugTraq: 47643
  • BugTraq: 45851
  • CVE: CVE-2011-1207
  • CVE: CVE-2010-3591
  • URL: http://www.datadynamics.com/default.aspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out