1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Forms ActiveX Control DoS

HTTP MS Forms ActiveX Control DoS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempt to trigger a denial of service vulnerability by passing specially crafted arguments into vulnerable properties of Microsoft Forms 2.0 ActiveX Control.

Additional Information

Microsoft Forms 2.0 ActiveX Control is a collection of standard form controls that can be used on websites. It includes textboxes, different type of buttons, checkboxes, etc. Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0.

Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. The issues occur in different properties of the following objects:

- 'Forms.Checkbox.1'
- 'Forms.OptionButton.1'
- 'Forms.ToggleButton.1'
- 'Forms.ComboBox.1'
- 'Forms.Textbox.1'

The ActiveX control uses following CLSIDs:
{8BD21D40-EC42-11CE-9E0D-00AA006002F3} - Microsoft Forms 2.0 CheckBox
{8BD21D50-EC42-11CE-9E0D-00AA006002F3} - Microsoft Forms 2.0 OptionButton
{8BD21D60-EC42-11CE-9E0D-00AA006002F3} - Microsoft Forms 2.0 ToggleButton
{8BD21D30-EC42-11CE-9E0D-00AA006002F3} - Microsoft Forms 2.0 ComboBox
{8BD21D10-EC42-11CE-9E0D-00AA006002F3} - Microsoft Forms 2.0 TextBox

Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.


  • Microsoft Forms ActiveX Control 2.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube