IDrive Online Backup ActiveX Control < 3.4.1 Arbitrary File Overwrite

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows overwriting
arbitrary files.

Description :

The version of IDrive installed on the remote Windows host is earlier
than 3.4.1 and includes a third-party ActiveX control named
UniBasicPack.UniTextBox from CyberActiveX with an insecure method.
Specifically, the 'SaveToFile()' method can be abused to overwrite
arbitrary files.

Note that this control implements IObjectSafety, which reports that it
is safe for both initialization and scripting, even though it is not
marked as such in the registry itself.
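A read-only local check for the control described above, as an added example (this is not Tenable's plugin logic). It assumes the standard COM registration and Internet Explorer "ActiveX Compatibility" registry locations, and it does not determine the installed IDrive version.

```powershell
# Added example: audit registration of the ProgID named in this advisory.
$ProgId  = 'UniBasicPack.UniTextBox'
$SafeCat = @{
    Scripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForScripting
    Init      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'   # CATID_SafeForInitializing
}
$KillBit = 0x400   # kill-bit value in "Compatibility Flags"

function Get-DefaultValue([string]$Key) {
    # Default value of a registry key; nothing if the key is absent.
    if (Test-Path -LiteralPath $Key) { (Get-Item -LiteralPath $Key).GetValue('') }
}

function Get-ActiveXAudit([string]$ProgId) {
    $views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # native and 32-bit views
    # Resolve ProgID -> CLSID from whichever view holds the ProgID key.
    $clsid = $views | ForEach-Object { Get-DefaultValue "$_\Classes\$ProgId\CLSID" } |
             Select-Object -First 1
    if (-not $clsid) { return }
    foreach ($sw in $views) {
        $cls    = "$sw\Classes\CLSID\$clsid"
        $compat = "$sw\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags  = 0
        if (Test-Path -LiteralPath $compat) {
            $flags = [int](Get-Item -LiteralPath $compat).GetValue('Compatibility Flags', 0)
        }
        [pscustomobject]@{
            View                     = $sw
            Clsid                    = $clsid
            Registered               = Test-Path -LiteralPath $cls
            Binary                   = Get-DefaultValue "$cls\InprocServer32"
            # As the advisory notes, the control answers "safe" through
            # IObjectSafety, so False here does NOT mean it is unscriptable.
            RegistrySafeForScripting = Test-Path -LiteralPath "$cls\Implemented Categories\$($SafeCat.Scripting)"
            RegistrySafeForInit      = Test-Path -LiteralPath "$cls\Implemented Categories\$($SafeCat.Init)"
            KillBitSet               = ($flags -band $KillBit) -eq $KillBit
        }
    }
}

$found = @(Get-ActiveXAudit $ProgId)
if (-not $found) { "$ProgId is not registered on this host." }
else { $found | Format-List }
```

A host where `Registered` is True and `KillBitSet` is False in either view still exposes the control to Internet Explorer; after upgrading to IDrive 3.4.1 or later the ProgID should no longer resolve.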

See also :

http://www.nessus.org/u?fcb69223
http://seclists.org/bugtraq/2011/Jul/51

Solution :

Upgrade to IDrive 3.4.1 or later, which does not include the control.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55549

Bugtraq ID: 48582

CVE ID:
