Nessus Windows < 3.0.6.1 ScanCtrl ActiveX Multiple Method File Manipulation

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
multiple issues.

Description :

The remote host contains the ScanCtrl ActiveX control, a part of
Nessus for Windows.

The version of the ScanCtrl ActiveX control installed as part of
Nessus for Windows on the remote host fails to validate input to
several methods. If an attacker can trick a user on the affected host
into visiting a specially crafted web page, this issue could be
leveraged to delete or write to arbitrary files, or even to execute
arbitrary code on the host, subject to the user's privileges.

Solution :

Upgrade to Nessus for Windows version 3.0.6.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25799

Bugtraq ID: 25088

CVE ID: CVE-2007-4031, CVE-2007-4061, CVE-2007-4062
