This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is susceptible to
a buffer overflow vulnerability.
The Windows remote host contains the Gracenote CDDBControl ActiveX
control, which is used by various products, including AOL's software,
to lookup CD information in the Gracenote CDDB and is commonly marked
as safe for scripting.
The version of this ActiveX control on the remote host reportedly
contains a buffer overflow vulnerability that arises when a large
string is supplied as an option for the control. A remote attacker may
be able to leverage this issue to execute arbitrary code on the remote
host subject to the privileges of the current user.
See also :
Contact the developer of the software you are using for a patch or new
version; otherwise, use Gracenote's tool to set its kill bit to
disable the control in Internet Explorer.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true