=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN215
_____________________________________________________________________

DATE                      : 28/04/2006

HARDWARE PLATFORM(S)      : JUNIPER.

OPERATING SYSTEM(S)       : IVE OS 1.x to 5.x

======================================================================

Title:
IVE ActiveX client vulnerability

Date:
25 April 2006

Version:
1.0

Impact:
Client side code execution in context of Internet Explorer

Affected Products:
IVE OS 1.x to 5.x

Max Risk:
High

Summary:
A malicious web site could trick an IVE user into clicking a link that
exploits a vulnerability present in the ActiveX component of the IVE
client software.

Details:
When using Internet Explorer to access the IVE device, an ActiveX
control is automatically downloaded to perform various tasks. This
ActiveX control could be invoked in a web page on a malicious website
by using the standard HTML "object" notation. The "object" tag contains
the control to be loaded (in this case the IVE ActiveX) and provides a
list of parameters and values that get passed.

A stack overflow currently exists in the way the IVE ActiveX control
parses those parameters, which could lead to remote code execution in
the context of Internet Explorer.
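
Added example (not part of the Juniper or CERT-Renater advisory): a Python
check a defender could run over captured or proxied HTML to find pages that
instantiate the control through an "object" tag from a host other than the
organisation's own IVE device, or that pass it unusually long parameter
values. The class ID is a placeholder because the advisory does not give
one; the length threshold, host names and parameter names are constructed
assumptions.

```python
from html.parser import HTMLParser

# Assumptions (not from the advisory): placeholder class ID, arbitrary threshold.
IVE_CLSID = "clsid:00000000-0000-0000-0000-000000000000"
MAX_PARAM_LEN = 256


class ObjectAudit(HTMLParser):
    """Record <param> value lengths for each <object> with a given classid."""
    def __init__(self, clsid):
        super().__init__()
        self.clsid = clsid.lower()
        self.depth = 0     # nesting depth inside a matching <object>
        self.objects = []  # one {param name: value length} dict per match

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "object":
            if self.depth:
                self.depth += 1  # nested fallback <object>, params ignored
            elif a.get("classid", "").strip().lower() == self.clsid:
                self.depth = 1
                self.objects.append({})
        elif tag == "param" and self.depth == 1:
            cur, name = self.objects[-1], a.get("name", "")
            cur[name] = max(cur.get(name, 0), len(a.get("value", "")))

    def handle_endtag(self, tag):
        if tag == "object" and self.depth:
            self.depth -= 1


def audit_page(html, origin, trusted_origins, clsid=IVE_CLSID):
    """Flag uses of the control off the trusted IVE hosts or with long params."""
    parser = ObjectAudit(clsid)
    parser.feed(html)
    parser.close()
    findings = []
    for params in parser.objects:
        big = sorted(n for n, size in params.items() if size > MAX_PARAM_LEN)
        untrusted = origin not in trusted_origins
        if untrusted or big:
            findings.append({"origin": origin, "untrusted": untrusted, "oversized": big})
    return findings


# Constructed sample page; parameter names are hypothetical.
SAMPLE = ('<object classid="%s"><param name="ParamA" value="ok">'
          '<param name="ParamB" value="%s"></object>' % (IVE_CLSID, "A" * 300))
```

Calling audit_page(SAMPLE, "other.example", {"vpn.example"}) returns one
finding marked both untrusted and oversized; upgrading to a fixed version
remains the actual remedy.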


Recommended Actions:
Upgrade the IVE software to any of the following fixed versions:

     * 5.3r2.1
     * 5.2r4.1
     * 5.1r8
     * 5.0r6.1
     * 4.2r8.1

Acknowledgement:
Juniper Networks extends a special thank you to eEye for reporting and
working to resolve this issue with our engineering teams.

Disclaimer:
Juniper Networks is providing this notice on an "AS IS" basis. No
warranty or guarantee of any kind is expressed in this notice and none
should be implied. Juniper Networks expressly excludes and disclaims
any warranties regarding this notice or materials referred to in this
notice, including, without limitation, any implied warranty of
merchantability, fitness for a particular purpose, absence of hidden
defects, or of noninfringement. Your use or reliance on this notice or
materials referred to in this notice is at your own risk. Juniper
Networks may change this notice at any time.


If you wish to verify the validity of this Security Advisory, the
public PGP key can be accessed at:
http://www.juniper.net/support/security/

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================





