This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to create an unauthorised user account on a remote system by exploiting Windows Shell User Logon ActiveX control vulnerability.
The Windows Shell User Logon ActiveX control is used to provide access to a Windows shell.
The control (CLSID: 08F04139-8DFC-11D2-80E9-006008B066EE) is prone to a vulnerability which allows attackers to create user accounts on victim computers. Specifically, an attacker can entice an unsuspecting user to activate a specially crafted webpage that uses the 'create' method of the 'shgina.dll' library to create an user account on the victim's computer.
Exploiting this issue can aid in further attacks and may result in the compromise of affected computers.
Version 6.0.2900.2180 is vulnerable; other versions may also be affected.
- Microsoft Windows Shell User Logon ActiveX control 6.0.2900.2180
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:firstname.lastname@example.org.