Detections
Analytics
Data Dynamics ActiveBar ActiveX Controls Code Execution
critical Nessus Plugin ID 54841
Language:
Synopsis
The remote Windows host has an ActiveX control installed that is affected by a code execution vulnerability.Description
One or more of the Data Dynamics ActiveBar ActiveX controls installed on the remote Windows host is affected by a code execution vulnerability due to unspecified issues in the 'Save()', 'SaveLayoutChanges()', 'SaveMenuUsageData()', and 'SetLayoutData()' methods.Note that Data Dynamics ActiveBar is bundled with IBM Rational System Architect.
Solution
Multiple solutions exist to resolve this vulnerability :- Upgrade to IBM Rational System Architect 11.3.1.4 (eGA 29 April 2011) / 11.4.0.3 (eGA 29 April 2011) or later.
- Install Microsoft KB2562937 (Update Rollup for ActiveX Kill Bits).
- Disable the use of the vulnerable ActiveX controls within Internet Explorer per the IBM advisory.
- Disable all ActiveX controls in the Internet Zone.
See Also
http://www.nessus.org/u?7d0d8d3c
http://www.nessus.org/u?b6df7b53
Plugin Details
Severity: Critical
ID: 54841
File Name: data_dynamics_activebar_activex.nasl
Version: 1.14
Type: local
Agent: windows
Family: Windows
Published: 5/27/2011
Updated: 8/19/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2011-1207
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:datadynamics:activebar, cpe:/a:ibm:rational_system_architect
Required KB Items: SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 7/17/2007
Reference Information
CVE: CVE-2007-3883, CVE-2011-1207