NetSupport NSM / NSS Initial Connection Setup Configuration Exchange Remote Overflow

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a program that is affected by a buffer
overflow vulnerability.

Description :

NetSupport Manager (NSM), a multi-platform remote control application,
is installed on the remote host.

According to its version, the NetSupport Manager client component on
the remote host fails to properly validate input during the initial
client connection sequence. An unauthenticated, remote attacker may be
able to leverage this issue to crash the affected service or possibly
execute arbitrary code. [Note that the vendor has only acknowledged
the denial of service vulnerability.]

See also :

http://www.securityfocus.com/archive/1/481537/30/0/threaded
http://www.netsupportsoftware.com/support/td.asp?td=545

Solution :

Upgrade to NetSupport Manager version 10.20.0005 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 26922 ()

Bugtraq ID: 25932

CVE ID: CVE-2007-5252

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now