eEye Retina Wireless Scanner .rws Handling Buffer Overflow

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The network scanner installed on the remote Windows host has a buffer
overflow vulnerability.

Description :

The version of Retina Wireless Scanner installed on the remote host
has a local buffer overflow vulnerability. A remote attacker could
exploit this issue by tricking a user into opening a malformed .rws
file. This could cause the program to crash or possibly result in
the execution of arbitrary code.

Note that while Retina Wireless Scanner comes included with Retina
Network Security Scanner, it can also be installed as a standalone
application.

See also :

http://research.eeye.com/html/advisories/published/AD20090710.html

Solution :

Upgrade to either Retina Network Security Scanner 5.10.15 or later, or
Retina WiFi Scanner (standalone) 1.0.9 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 39809

Bugtraq ID: 35624

CVE ID: CVE-2009-3859
