Oracle Document Capture Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has one or more ActiveX controls installed
that are affected by multiple vulnerabilities.

Description :

The Oracle Document Capture client installed on the remote host is
potentially affected by multiple vulnerabilities :

- An unspecified vulnerability exists in the Import Export
utility. An attacker can exploit this to affect
integrity. (CVE-2010-3598)

- An information disclosure vulnerability exists related
to the EasyMail ActiveX control. (CVE-2010-3595)

- Insecure methods in the 'Actbar2.ocx' and 'empop3.dll'
ActiveX controls can be exploited to overwrite arbitrary
files. (CVE-2010-3591)

- An error in the 'WriteJPG()' method in the NCSEcw.dll
ActiveX control can be exploited to overwrite arbitrary
files or potentially cause a buffer overflow.
(CVE-2010-3599)

- An unspecified vulnerability exists in the Internal
Operations component. (CVE-2010-3592)

Note that the NCSEcw.dll control is actually from the ERDAS ECW/JP2
SDK developer toolkit from Intergraph.

See also :

http://dsecrg.ru/pages/vul/show.php?id=304
http://dsecrg.ru/pages/vul/show.php?id=305
http://dsecrg.ru/pages/vul/show.php?id=306
http://dsecrg.ru/pages/vul/show.php?id=307
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.nessus.org/u?230ea045

Solution :

If using Oracle's Document Capture client, apply the patch from Oracle
to disable the ActiveX controls.

If using a different application that includes the NCSEcw.dll control,
set the kill bit for the affect control as discussed in Hexagon
Geospatial's advisory.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 51873 ()

Bugtraq ID: 45846
45849
45851
45856
45871

CVE ID: CVE-2010-3591
CVE-2010-3592
CVE-2010-3595
CVE-2010-3598
CVE-2010-3599

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now