This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that allows overwriting
The remote host contains the FlexCell.Grid ActiveX control, a
component of the FlexCell grid control software.
The version of the control installed on the remote host reportedly
fails to validate input to the 'File' argument of the 'SaveFile' and
'ExportToXML' methods before writing to the specified filename.
If an attacker can trick a user on the affected host into viewing a
specially crafted HTML document, this issue could be leveraged to
create or overwrite arbitrary files on the affected system subject to
the user's privileges.
See also :
Upgrade to FlexCell Grid Control 5.8.0 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.1
Public Exploit Available : true