2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
BID:51856
Info
2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
| Bugtraq ID: | 51856 |
| Class: | Design Error |
| CVE: |
CVE-2012-1065 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2012 12:00AM |
| Updated: | Feb 16 2012 05:50PM |
| Credit: | Andrea Micalizzi (rgod) via Secunia. |
| Vulnerable: |
2X 2X ApplicationServer 10.1 Build 1224 |
| Not Vulnerable: | |
Discussion
2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
The 2X ApplicationServer TuxSystem ActiveX control is prone to a vulnerability caused by an insecure method.
Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may be able to execute arbitrary code with user-level privileges.
The 2X ApplicationServer TuxSystem ActiveX control is prone to a vulnerability caused by an insecure method.
Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may be able to execute arbitrary code with user-level privileges.
Exploit / POC
2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
2X ApplicationServer TuxSystem ActiveX Control 'ExportSettings()' Insecure Method Vulnerability
References:
References:
- 2X ApplicationServer Homepage (2X ApplicationServer)