This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that allows overwriting
The version of IDrive installed on the remote Windows host is earlier
than 3.4.1 and includes a third-party ActiveX control named
UniBasicPack.UniTextBox from CyberActiveX with an insecure method.
Specifically, the 'SaveToFile()' method can be abused to overwrite
Note that this control implements IObjectSafety, which reports that it
is safe for both initialization and scripting, even though it is not
marked as such in the registry itself.
See also :
Upgrade to IDrive 3.4.1 or later, which does not include the control.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true