Sony ImageStation AxRUploadServer.AxRUploadControl ActiveX (AxRUploadServer.dll) SetLogging Method Overflow

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the AxRUploadServer.AxRUploadControl.1
ActiveX control, which was used to upload photos to Sony's
ImageStation photo sharing and printing service.

The version of this control installed on the remote host reportedly
contains a buffer overflow when handling a long argument to the
'SetLogging' method. If an attacker can trick a user on the affected
host into viewing a specially crafted HTML document, this method
could be used to execute arbitrary code on the affected system subject
to the user's privileges.

See also :

http://www.securityfocus.com/archive/1/archive/1/487802/100/0/threaded

Solution :

Remove the affected control as the ImageStation service was shut down
in February 2008.
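
One way to check a host for the control before removing it, as an added example that is not part of the Nessus plugin. It assumes a machine-wide registration under HKLM and resolves the ProgID named above to its CLSID, DLL path and Internet Explorer kill-bit state; the variable names are illustrative.

```powershell
# Added example (not plugin code): find the control by the ProgID from the advisory.
$ProgId  = 'AxRUploadServer.AxRUploadControl.1'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating a control

# Assumption: machine-wide install. Check the native and 32-bit (Wow6432Node) views.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'

$findings = foreach ($root in $views) {
    # ProgID -> CLSID (default value of the CLSID subkey)
    $progKey = Join-Path $root "Classes\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) { continue }
    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')
    if (-not $clsid) { continue }

    # CLSID -> in-process server DLL (expected to be AxRUploadServer.dll)
    $serverKey = Join-Path $root "Classes\CLSID\$clsid\InprocServer32"
    $dll = if (Test-Path -LiteralPath $serverKey) {
        (Get-Item -LiteralPath $serverKey).GetValue('')
    }

    # Kill-bit state for this CLSID in the same registry view
    $compatKey = Join-Path $root "Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    $flags = if (Test-Path -LiteralPath $compatKey) {
        (Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags')
    }

    [pscustomobject]@{
        View       = $root
        Clsid      = $clsid
        Dll        = $dll
        DllPresent = [bool]($dll -and (Test-Path -LiteralPath $dll))
        KillBitSet = [bool]($flags -band $KillBit)
    }
}

if ($findings) {
    $findings | Format-List
} else {
    "ProgID $ProgId is not registered under HKLM on this host."
}
```

If a row is returned, unregister the reported DLL from an elevated prompt with `regsvr32 /u` followed by the path in the Dll column, then delete the file. A row with KillBitSet true means Internet Explorer already refuses to load the control, but the DLL is still on disk.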

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.0
(CVSS2#E:POC/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33484 (imagestation_setlogging_overflow.nasl)

Bugtraq ID: 27715

CVE ID: CVE-2008-0748
