Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability

Bugtraq ID:	52917
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 05 2012 12:00AM
Updated:	Apr 05 2012 12:00AM
Credit:	retrogod
Vulnerable:	Quest Software vWorkspace 7.5
Not Vulnerable:

Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability

Quest vWorkspace ActiveX control is prone to an arbitrary-file-overwrite vulnerability.

Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer).

vWorkspace 7.5 is vulnerable; other versions may also be affected.

Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.

Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Quest vWorkspace 'pnllmcli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (nospam)
  
• vworkspace Homepage (Quest)
  
• Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5. (nospam)