|Check Point Reference:||CPAI-2012-609|
|Date Published:||14 Oct 2012|
|Protection Provided by:||
|Who is Vulnerable?|| HP Lifecycle Management ActiveX All versions |
|Vulnerability Description||An insecure method exposure vulnerability has been reported in HP Application Lifecycle Management ActiveX control.|
|Vulnerability Details||The vulnerability is due to using the node parameter as a pointer to a function pointer when handling a certain method. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted web page. Successful exploitation could result in arbitrary code execution.|
This protection will detect an block attempts to view a specially crafted web page.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
- In the IPS tab, click Protections and find the HP Application Lifecycle Management ActiveX Control Insecure Method Exposure protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
SmartView Tracker will log the following entries:
Attack Name: HP Products Protection Violation
Attack Information: HP Application Lifecycle Management ActiveX Control Insecure Method Exposure