PhotoParade Player PhPInfo ActiveX (PhPCtrl.dll) FileVersionOf Property Overflow

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the PhPInfo ActiveX control, included with
the PhotoParade Player software for creating slideshows of digital
pictures.

The version of this control installed on the remote host reportedly
contains an unspecified overflow in its 'FileVersionOf' property that
could lead to arbitrary code execution on the affected system.
Successful exploitation requires that an attacker trick a
user on the affected host into visiting a specially crafted web page.

Solution :

Disable the use of this ActiveX control from within Internet Explorer
by setting its kill bit or remove it completely.
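
One way to apply the kill-bit option on a host, shown as an added example that is not part of the plugin or the vendor's guidance. It assumes the control is registered machine-wide with an InprocServer32 entry that references PhPCtrl.dll, and it locates the CLSID from that registration because this page does not list it.

```powershell
# Added example. Run from an elevated 64-bit PowerShell session.
$DllName = 'PhPCtrl.dll'   # DLL name taken from the plugin title
$KillBit = 0x400           # "Compatibility Flags" bit that stops IE from loading a control

# 32-bit controls on 64-bit Windows register under WOW6432Node, so cover both views.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }

    # Find every CLSID whose in-process server is the affected DLL.
    $hits = Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue |
        Where-Object {
            $srv = $_.OpenSubKey('InprocServer32')
            $srv -and ($srv.GetValue('') -like "*$DllName*")
        }

    foreach ($hit in $hits) {
        $key = Join-Path $view.Compat $hit.PSChildName
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }

        # Preserve any flags already present and OR in the kill bit.
        $old = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        $new = ([int]$old) -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord

        # Read the value back and report it so the change can be audited.
        $now = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        [pscustomobject]@{
            Clsid   = $hit.PSChildName
            Key     = $key
            Flags   = '0x{0:X8}' -f $now
            KillBit = [bool]($now -band $KillBit)
        }
    }
}
```

No output means no registration referencing PhPCtrl.dll was found in either registry view, so no kill bit was written.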

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:W/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 26025

Bugtraq ID: 25654

CVE ID: CVE-2007-1688
