SID 12689
Msg
"WEB-ACTIVEX GlobalLink ConnectAndEnterRoom ActiveX clsid access"
Summary
This event is generated when an attempt is made to exploit a known vulnerability in an ActiveX control.
Classtype
attempted-user
Impact
A successful attack can cause a buffer overflow and the subsequent execution of arbitrary code with system level privileges on a vulnerable host.
Detailed Information
A vulnerability exists in the way that Internet Explorer handles ActiveX controls that may present an attacker with the opportunity to run code of their choosing on a host.
In particular, this event is generated when a call to the component GlobalLink ConnectAndEnterRoom is made. This may indicate an attempt to exploit known vulnerabilities in that ActiveX control which may lead to a system compromise.
Affected Systems
- Microsoft Windows systems using the GlobalLink ConnectAndEnterRoom ActiveX control
Attack Scenarios
An attacker can host a web site that will return code of their choosing to the object when a victim clicks on a malicious link.
Ease Of Attack
Simple.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the most current non-affected version of the product.
Contributors
- Sourcefire Vulnerability Research Team
- Alex Kirk
- Nigel Houghton
