Creative Software AutoUpdate Engine ActiveX (CTSUEng.ocx) Unspecified Overflow

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the Creative Software AutoUpdate Engine
ActiveX control, which is used to automatically update Creative Labs
software.

The version of this control installed on the remote host reportedly
contains an unspecified stack-based buffer overflow. If an attacker
can trick a user on the affected host into viewing a specially crafted
HTML document, this issue could be leveraged to execute arbitrary
code on the affected system, subject to the user's privileges.

See also :

http://research.eeye.com/html/alerts/zeroday/20080526.html

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 32442 (ctsu_autoupdate_activex_overflow.nasl)

Bugtraq ID: 29391

CVE ID: CVE-2008-0955
