Data Dynamics ActiveBar ActiveX Controls Code Execution

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an ActiveX control installed that is
affected by a code execution vulnerability.

Description :

One or more of the Data Dynamics ActiveBar ActiveX controls installed
on the remote Windows host is affected by a code execution
vulnerability due to unspecified issues in the 'Save()',
'SaveLayoutChanges()', 'SaveMenuUsageData()', and 'SetLayoutData()'

Note that Data Dynamics ActiveBar is bundled with IBM Rational System

See also :

Solution :

Multiple solutions exist to resolve this vulnerability :

- Upgrade to IBM Rational System Architect (eGA
29 April 2011) / (eGA 29 April 2011) or later.

- Install Microsoft KB2562937 (Update Rollup for ActiveX
Kill Bits).

- Disable the use of the vulnerable ActiveX controls
within Internet Explorer per the IBM advisory.

- Disable all ActiveX controls in the Internet Zone.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.8
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 54841 ()

Bugtraq ID: 24959

CVE ID: CVE-2007-3883

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now