Husdawg System Requirements Lab Multiple ActiveX Remote Code Execution

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that could allow
arbitrary code execution.

Description :

Instant Expert Analysis from Husdawg System Requirements Lab is
installed on the remote host. Instant Expert Analysis software allows
websites to perform one-click software/hardware analysis of remote
systems.

An ActiveX component used by Instant Expert Analysis can be exploited
to download and execute malicious code from an unauthorized website.
Although the software uses a signed Java applet to download and
execute files, it may be possible to execute code without any user
interaction if the applet is previously signed on an authorized
website.

Reportedly, the affected file is 'sysreqlab.dll', 'sysreqlabsli.dll',
or 'sysreqlab2.dll'.

See also :

http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html

Solution :

Upgrade to Husdawg System Requirements Lab 3.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34491 (husdawg_srl_activex_code_execution.nasl)

Bugtraq ID: 31752

CVE ID: CVE-2008-4385
