This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that can be used to
overwrite arbitrary files.
The version of the Morovia Barcode ActiveX control installed on the
remote Windows host allows overwriting of arbitrary files via calls to
the control's 'Save' and 'ExportImage' methods. If an attacker can
trick a user on the affected host into viewing a specially crafted
HTML document, he can leverage this issue to overwrite arbitrary files
on the affected system subject to the user's privileges.
See also :
Upgrade to Morovia Barcode ActiveX 3.6.0 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.7
Public Exploit Available : true