Juniper Networks released a vulnerability announcement today.
"Title: IVE ActiveX client vulnerability
Date: 25 April 2006
Impact: Client side code execution in context of Internet Explorer
Affected Products: IVE OS 1.x to 5.x
Max Risk: High
Recommended Actions: Upgrade the IVE software to any of the following fixed versions: 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, 4.2r8.1"
It appears that an activeX control that is installed when using IVE can be remotely exploited.
The exploit described by eeye looks fairly trivial.
IVE is Instant Virtual Extranet which provides SSL VPN control with centralized reporting, monitoring and configuration management. It is basically a host security auditor and can be used as an element of their netscreen remote client. It can verify things like recent virus signatures and scans. Which is important before letting some machine on to your corporate network!
eeye has published the details here:
Apr 28th 2006
1 decade ago