HP Virtual Rooms Client < 7.0.1 ActiveX Control Dangerous Methods

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an ActiveX control that fails to restrict
access to dangerous methods.

Description :

HP Virtual Rooms client is installed on the remote system. An ActiveX
control included with the client and provided by a file with a name such
as 'HPVirtualRooms32.dll' contains several dangerous methods. By
tricking a user into viewing a specially crafted HTML document, it may
be possible for an attacker to use these methods to execute arbitrary
code on the remote system subject to the user's privileges.

See also :


Solution :

Upgrade to HP Virtual Rooms client version 7.0.1.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 35804 (hp_virtualroomsclient_701_code_exec.nasl)

Bugtraq ID: 33918

CVE ID: CVE-2009-0208

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now