HP PKI ActiveX Control KillProcess Denial of Service

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
denial of service vulnerability.

Description :

The version of the HP PKI ActiveX control installed on the remote
Windows host is earlier than 1.2.0.1. As such, it reportedly contains
an insecure method named 'KillProcess()' that could be used to
terminate arbitrary user processes.

Solution :

Upgrade to version 1.2.0.1 or later as that reportedly resolves the
vulnerability :

https://digitalbadge.external.hp.com/hp/HPPKI.cab

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 57536

Bugtraq ID: 51341

CVE ID: CVE-2012-6501
