Detections
Analytics
Dell DellSystemLite.Scanner ActiveX Control Multiple Vulnerabilities
medium Nessus Plugin ID 52045
Language:
Synopsis
The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.Description
The DellSystemLite.Scanner ActiveX control, a component from Dell to determine relevant software for your system, installed on the remote Windows host reportedly is affected by multiple vulnerabilities :- An input validation error exists in the 'GetData()' method can be exploited to disclose the contents of arbitrary text files via directory traversal specifiers passed to the 'fileID' parameter.
- The unsafe property 'WMIAttributesOfInterest' allows assigning arbitrary WMI Query Language statements that can be exploited to disclose system information.
Solution
Remove or disable the control as fixes are not available.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2011-10/
https://secuniaresearch.flexerasoftware.com/secunia_research/2011-11/
Plugin Details
Severity: Medium
ID: 52045
File Name: dell_systemlitescanner_activex.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 2/21/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:dell:dellsystemlite.scanner_activex_control
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 2/18/2011
Reference Information
CVE: CVE-2011-0329, CVE-2011-0330
BID: 46443
Secunia: 42880