This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by a
heap corruption vulnerability.
The IDrop ActiveX control, a utility from Autodesk that provides the
ability to drag and drop web content into a drawing session, is
installed on the remote Windows host.
Manipulation of the control's 'Src', 'Background', and 'PackageXml'
properties reportedly can be abused to trigger a heap-use-after-free
condition. If an attacker can trick a user on the affected host into
viewing a specially crafted HTML document, he can leverage this issue
to execute arbitrary code on the affected system subject to the user's
See also :
Remove the affected software as it reportedly is no longer supported
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.8
Public Exploit Available : true