HP Virtual Rooms Client < 7.0.1 ActiveX Control Dangerous Methods

Severity: High, Nessus Plugin ID 35804

Synopsis

The remote Windows host has an ActiveX control that fails to restrict access to dangerous methods.

Description

The HP Virtual Rooms client is installed on the remote system. An ActiveX control included with the client, provided by a file with a name such as 'HPVirtualRooms32.dll', contains several dangerous methods. By tricking a user into viewing a specially crafted HTML document, an attacker may be able to use these methods to execute arbitrary code on the remote system, subject to the user's privileges.

Solution

Upgrade to HP Virtual Rooms client version 7.0.1.

See Also

https://seclists.org/bugtraq/2009/Feb/226

Plugin Details

Severity: High

ID: 35804

File Name: hp_virtualroomsclient_701_code_exec.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 3/9/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:virtual_rooms

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 2/26/2009

Reference Information

CVE: CVE-2009-0208

BID: 33918

CWE: 94

CERT: 461321