Intrusion PreventionMS.IE.Foxtlib.ActiveX.Object.Buffer.Overflow
Description
This indicates a buffer overflow vulnerability in certain ActiveX controls. Fpole.ocx and Foxtlib.ocx are ActiveX objects that were shipped with Visual Studio 6 and they were never intended to run in the browser. When used in Internet Explorer, the object may corrupt the system state in such a way that an attacker could execute arbitrary code.
Affected Products
IE5.01 SP4 on Microsoft Windows 2000 SP4
IE6 SP1 when installed on Microsoft Windows 2000 SP4
IE6 for Windows XP SP2
IE6 for Windows XP Profx64 Edition and Windows XP Prof x64 Edition SP2
IE6 for Windows Server 2003 SP1 and Windows Server 2003 SP2
IE6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
IE6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
IE7 for Windows XP SP2
IE7 for Windows XP Prof x64 Edition and Windows XP Prof x64 Edition SP2
IE7 for Windows Server 2003 SP1 and Windows Server 2003 SP2
IE7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
IE7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
IE7 in Windows Vista
IE7 in Windows Vista x64 Edition
Impact
System Compromise
Denial of Service
Recommended Actions
Apply patch:
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 15406 |
| Created | Feb 13, 2008 |
| Updated | Jan 08, 2021 |
| Risk |
|
| CVE ID | CVE-2007-4790 |
| Exploit Prediction Score | 96.4% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |