Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
673
Views
0
Helpful
2
Replies

New stuff : ASA firewalls :::: blocking Active X ??? need more insight plz..

Go to solution
game123
Level 1
Level 1

‎10-07-2011 11:26 PM - edited ‎03-11-2019 02:35 PM

With reference to the published link

http://www.cisco.com/web/about/security/intelligence/actX-ALPI_amiddleton.html

i want to know how to find out the activex object CLSId and prog ID ???

this is important to know and i loved the technique that regex can do in ASA ~

best regards, waiting.

Kamran.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amiddlet
Level 1
Level 1

‎10-10-2011 05:56 AM

Great question Kamran. When dealing with ActiveX vulnerabilities/exploits, as stated in the referenced document,

"When vulnerabilities are found in ActiveX controls, the vendor typically  discloses the specific vulnerable ActiveX CLSID or ProgID values. If  these details are provided, the use of regular expressions can be  employed within the application layer protocol inspection engine to  identify specific strings in a packet and perform specific actions on  this traffic as defined by the inspection policy."

That said, in the event that the vendor has not provided the CLSID or ProgID values in clear manner it often takes a simple google search to locate them. A prime example of this is the fact that more often than not the vendor provides one of these details or the other (most often the CLSID), thus a quick search will reveal the ProgID, especially on the disclosed vulnerabilities.

For example, if one were to deal with an Adobe Shockwave activeX vulnerability or exploit, you could do a quick google search and discover the ProgID info from one of the first hits (http://forums.adobe.com/thread/876552):

progid:ShockwaveFlash.ShockwaveFlash.

The ProgID and CLSID info are generally not kept secret, they are public knowledge. You will find that as you deal with these types of exploits more and more, you will be able to pick up/discover the requisite CLSID and ProgID quite quickly.

Hope this helps!

-Andrae

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎10-08-2011 10:23 AM

I will reach out to the author and see if he would comment.

-Kureli

0 Helpful

Go to solution
amiddlet
Level 1
Level 1

‎10-10-2011 05:56 AM

Great question Kamran. When dealing with ActiveX vulnerabilities/exploits, as stated in the referenced document,

"When vulnerabilities are found in ActiveX controls, the vendor typically  discloses the specific vulnerable ActiveX CLSID or ProgID values. If  these details are provided, the use of regular expressions can be  employed within the application layer protocol inspection engine to  identify specific strings in a packet and perform specific actions on  this traffic as defined by the inspection policy."

That said, in the event that the vendor has not provided the CLSID or ProgID values in clear manner it often takes a simple google search to locate them. A prime example of this is the fact that more often than not the vendor provides one of these details or the other (most often the CLSID), thus a quick search will reveal the ProgID, especially on the disclosed vulnerabilities.

For example, if one were to deal with an Adobe Shockwave activeX vulnerability or exploit, you could do a quick google search and discover the ProgID info from one of the first hits (http://forums.adobe.com/thread/876552):

progid:ShockwaveFlash.ShockwaveFlash.

The ProgID and CLSID info are generally not kept secret, they are public knowledge. You will find that as you deal with these types of exploits more and more, you will be able to pick up/discover the requisite CLSID and ProgID quite quickly.

Hope this helps!

-Andrae

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card