Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX Control Multiple Vulnerabilities
BID:25088
Info
| Bugtraq ID: | 25088 |
| Class: | Design Error |
| CVE: | CVE-2007-4061 CVE-2007-4062 CVE-2007-4031 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 26 2007 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Krystian Kloskowski is credited with the discovery of one of these vulnerabilities. The others were identified by Secunia Research. |
| Vulnerable: | Nessus Nessus 3.0.6 |
| Not Vulnerable: | |
Discussion
The Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX control is prone to multiple vulnerabilities.
An attacker can exploit these issues to overwrite or delete arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Attackers can also upload arbitrary files. Successful exploits will allow attackers to cause denial-of-service conditions and corrupt sensitive data; other consequences resulting from placing a malicious file on the system are also possible.
These issues affect Nessus 3.0.6; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
The following exploits are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Nessus Home Page (Tenable Network Security)
- Nessus Vulnerability Scanner ScanCtrl ActiveX Control Insecure Methods (Secunia)