MS KB870669: ADODB.Stream object from Internet Explorer

This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains a version of IE which may read and write to
local files.

Description :

The remote host contains a vulnerability in IE. The ADODB.Stream
object can be used by a malicious web page to read and write to local
files.

An attacker could use this flaw to gain access to the data on the remote
host. To exploit this flaw, an attacker would need to set up a rogue
website and lure a user on the remote host into visiting it. If the
website contains the proper call to the ADODB object, then it may
execute data on the remote host.

See also :

http://support.microsoft.com/?kbid=870669

Solution :

Microsoft produced a workaround for this problem.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 12298 ()

Bugtraq ID: 10514

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now