HTTP MS Img Logger ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote file overwrite vulnerability by passing specially crafted arguments into a method of Microsoft Windows Image Acquisition Logger ActiveX Control.

Additional Information

Microsoft Windows Image Acquisition allows graphics applications to communicate with various imaging devices.

Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input. This issue affects the 'Save()' method of the ActiveX control identified by CLSID: A1E75357-881A-419E-83E2-BB16DB197C68.

An attacker can exploit this issue to overwrite files with attacker-supplied data. This will aid in further attacks.
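A sketch of the kind of content check such a signature implies, added here as an example and not Symantec's actual signature logic: it parses an HTTP response body, finds `<object>` tags that load the CLSID named above, and checks whether inline script calls `Save()` on that object. The function name, the element id `wl`, and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the WIA Logger ActiveX control, as given in the description above.
WIA_LOGGER_CLSID = "A1E75357-881A-419E-83E2-BB16DB197C68"

class _ObjectScriptCollector(HTMLParser):
    """Collects ids of <object> tags that load the control, plus inline script text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.object_ids = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            # Normalise case and optional braces before comparing.
            classid = a.get("classid", "").lower().replace("{", "").replace("}", "")
            if classid.strip() == "clsid:" + WIA_LOGGER_CLSID.lower():
                self.object_ids.append(a.get("id") or a.get("name") or "")
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def inspect_response_body(html):
    """Return (loads_control, calls_save) for one HTTP response body."""
    c = _ObjectScriptCollector()
    c.feed(html)
    c.close()
    script = "\n".join(c.scripts)
    calls_save = any(
        oid and re.search(r"\b" + re.escape(oid) + r"\s*\.\s*Save\s*\(", script)
        for oid in c.object_ids
    )
    return bool(c.object_ids), calls_save

# Constructed sample body (not captured traffic); the id "wl" is hypothetical.
SAMPLE = ('<html><object classid="clsid:a1e75357-881a-419e-83e2-bb16db197c68" '
          'id="wl"></object><script>wl.Save();</script></html>')
```

A page that loads the control at all is worth flagging on its own; the second value narrows the alert to pages that also invoke the affected method. Script-created objects and obfuscated script are outside what this static check sees.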
