Mitsubishi MX Component ActiveX Remote Code Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple remote code execution
vulnerabilities.

Description :

The Mitsubishi MX Component v3 'ActUWzd.dll' ActiveX control was found
on the remote host. This control has several methods that are
vulnerable to a heap-based buffer overflow. A remote attacker may be
able to execute arbitrary code by tricking a victim into opening a
specially crafted web page.

See also :

http://support.microsoft.com/kb/240797
http://www.nessus.org/u?76dd9253

Solution :

Disable the control or upgrade to Mitsubishi MX Component 4.03 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 66761 ()

Bugtraq ID: 58692

CVE ID: CVE-2013-3075