SID 12774
Msg
"SPECIFIC-THREATS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt"
Summary
This event is generated when an attempt is made to exploit a known vulnerability in an ActiveX control.
Classtype
attempted-user
Impact
A successful attack can cause a buffer overflow and the subsequent execution of arbitrary code with system level privileges on a vulnerable host.
Detailed Information
A vulnerability exists in the way that Internet Explorer handles ActiveX controls that may present an attacker with the opportunity to run code of their choosing on a host.
In particular, this event is generated when a call to the GlobalLink is made. This may indicate an attempt to exploit known vulnerabilities in that ActiveX control which may lead to a system compromise.
Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx in GlobalLink 2.7.0.8 allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, as exploited in the wild.
Affected Systems
- Microsoft Windows systems using the GlobalLink ActiveX control
Attack Scenarios
An attacker can host a web site that will return code of their choosing to the object when a victim clicks on a malicious link.
Ease Of Attack
Simple.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the most current non-affected version of the product.
Contributors
- This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology.
- For more information see http://nvd.nist.gov/
- Sourcefire Vulnerability Research Team
- Alex Kirk
- Nigel Houghton
