This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Windows host has a COM object that is affected by a memory
Tom Sawyer Software's GET Extension Factory, a component used for
graph visualization applications, is installed on the remote Windows
host. It may have been bundled with a third-party application, such
as the VMware Infrastructure Client or Embarcadero ER / Studio XE2.
The installed version of this component has a vulnerability in that it
does not initialize COM objects properly inside Internet Explorer,
which leads to a memory corruption vulnerability.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, this issue could be leveraged to execute
arbitrary code on the host subject to the user's privileges.
See also :
If the affected COM object is installed with the VMware
Infrastructure Client, follow the instructions in VMware's advisory.
Otherwise, remove or disable the controls.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true