Zango.DownloadAndExecute.ActiveX.Control.Access
Description
Zango and Hotbar install some ActiveX components for Microsoft Internet Explorer which contain the insecure method "DownloadAndExec". Some malicious users can force the victim to visit a malicious URL that contains the call to this method, letting them download and execute arbitrary code on the victim's computer.
Affected Products
Zango and Hotbar toolbar.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Remove the Zango and Hotbar programs, or set the kill bit on the following CLSIDs:
"8C875948-9C60-4381-9248-0DF180542D53"
"BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54"
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |