1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP BlackIce ActiveX Download Activity

HTTP BlackIce ActiveX Download Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a arbitrary file download vulnerability by passing specially crafted arguments into a method of Black Ice Multiple Applications 'BiDib.dll' ActiveX Control .

Additional Information

Multiple Black Ice Software applications are prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer.

The vulnerability affects the 'DownloadImageFileURL' method of the 'BiDib.dll' ActiveX control identified by CLSID: D2797899-BE27-4CDB-892F-4FDC26EA9BA9. The method fails to verify the file type being downloaded and doesn't restrict what directory a file is saved to.

Attackers may exploit this issue to overwrite sensitive files with malicious data that will compromise the affected computer. Other attacks are possible.

Affected

  • This issue affects applications that include BiDib.dll 10.9.3.0; other versions may also be affected.

Response

Download and install all vendor patches related to this vulnerability.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube