HP Virtual Rooms Client < 7.0.1 ActiveX Control Dangerous Methods

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that fails to restrict
access to dangerous methods.

Description :

HP Virtual Rooms client is installed on the remote system. An ActiveX
control included with the client and provided by a file with a name such
as 'HPVirtualRooms32.dll' contains several dangerous methods. By
tricking a user into viewing a specially crafted HTML document, it may
be possible for an attacker to use these methods to execute arbitrary
code on the remote system subject to the user's privileges.

See also :

http://seclists.org/bugtraq/2009/Feb/226

Solution :

Upgrade to HP Virtual Rooms client version 7.0.1.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 35804 (hp_virtualroomsclient_701_code_exec.nasl)

Bugtraq ID: 33918

CVE ID: CVE-2009-0208
