nProtect Netizen ActiveX Control Arbitrary File Creation Vulnerability

Bugtraq ID:	13354
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Apr 25 2005 12:00AM
Updated:	Apr 25 2005 12:00AM
Credit:	Discovered by Keigo Yamazaki.
Vulnerable:	nProtect Netizen 2005.3.17 .1
Not Vulnerable:

nProtect Netizen ActiveX Control Arbitrary File Creation Vulnerability

nProtect Netizen is prone to an arbitrary file creation vulnerability in an ActiveX control. A malicious Web site can invoke the ActiveX control to download a file to a specified location on the file system.

nProtect Netizen ActiveX Control Arbitrary File Creation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

nProtect Netizen ActiveX Control Arbitrary File Creation Vulnerability

Solution:
A fix is reportedly available from the vendor, however, this has not been confirmed by Symantec. Users are advised to contact the vendor to obtain fix information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

nProtect Netizen ActiveX Control Arbitrary File Creation Vulnerability

References:

• Netizen Home Page (nProtect)
  
• [SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability ([email protected] (snsadv))