Photo Upload Plugin ActiveX Multiple Buffer Overflows

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
multiple buffer overflow vulnerabilities.

Description :

The remote host contains the PhotoChannel Networks Photo Upload Plugin
ActiveX control, which is used by multiple retailers for uploading
photographs to photo centers.

The version of this control installed on the remote host reportedly
contains multiple and as-yet unspecified overflows that could lead to
arbitrary code execution on the affected system. However, successful
exploitation requires that an attacker trick a user on the
affected host into visiting a specially crafted web page.

Solution :

Either upgrade to version 2.0.0.10 or later of the control, disable
its use from within Internet Explorer by setting its kill bit, or
remove it completely.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 26063 ()

Bugtraq ID: 25685

CVE ID: CVE-2007-0326

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now