IDrive Online Backup ActiveX Control < 3.4.1 Arbitrary File Overwrite

High severity, Nessus Plugin ID 55549

Synopsis

The remote Windows host has an ActiveX control that allows overwriting arbitrary files.

Description

The version of IDrive installed on the remote Windows host is earlier than 3.4.1 and includes a third-party ActiveX control named UniBasicPack.UniTextBox from CyberActiveX with an insecure method.
Specifically, the 'SaveToFile()' method can be abused to overwrite arbitrary files.

Note that this control implements IObjectSafety and, through that interface, reports itself as safe for both initialization and scripting, even though it is not marked as such in the registry itself.

Solution

Upgrade to IDrive 3.4.1 or later, which does not include the control.

See Also

http://www.nessus.org/u?fcb69223

https://seclists.org/bugtraq/2011/Jul/51

Plugin Details

Severity: High

ID: 55549

File Name: idrive_3_4_1.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 7/11/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2011

Vulnerability Publication Date: 7/6/2011

Reference Information

BID: 48582