Corel ActiveCGM Browser ActiveX (acqm.dll) Multiple Overflows

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is susceptible to
multiple buffer overflow attacks.

Description :

The remote host contains the ActiveCGM ActiveX control, which supports
viewing of CGM files in a web browser.

The version of this control on the remote host is reportedly affected
by multiple buffer overflows. If an attacker can trick a user on the
affected host into visiting a specially crafted web page, the attacker
may be able to leverage these issues to execute arbitrary code on the
host, subject to the user's privileges.

Solution :

Either disable the use of this ActiveX control from within Internet
Explorer by setting its kill bit or contact the vendor to upgrade it
to version 7.1.4.19 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:W/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 25494 (corel_activecgm_overflows.nasl)

Bugtraq ID: 24464

CVE ID: CVE-2007-2921
