Office Viewer Component ActiveX (officeviewer.ocx) HttpDownloadFile Method Traversal Arbitrary File Overwrite

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control with an insecure
method.

Description :

The remote host contains the Office Viewer Component, an ActiveX
control for working with Microsoft Office documents.

The version of this control installed on the remote host reportedly
contains an insecure method, 'HttpDownloadFile'. If an attacker can
trick a user on the affected host into visiting a specially crafted
web page, the attacker may be able to use this method to place
arbitrary files on the host, subject to the user's privileges.

See also :

http://www.ocxt.com/archives/39

Solution :

Upgrade to Office Viewer Component version 5.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.0
(CVSS2#E:POC/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 26013

Bugtraq ID: 25344

CVE ID: CVE-2007-4420
