This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
Synopsis :
An ActiveX control installed on the remote Windows host is affected
by multiple vulnerabilities.

Description :
At least one version of the NTR ActiveX control installed on the
remote Windows host is earlier than 220.127.116.11. As such, it reportedly
is affected by the following vulnerabilities :
- Four stack-based buffer overflows exist involving the
  'bstrUrl' parameter of the 'StartModule()' method, the
  'bstrParams' parameter of the 'Check()' method, and the
  'bstrUrl' parameter of the 'Download()' and
  'DownloadModule()' methods. (CVE-2012-0266)
- An input validation vulnerability exists involving the
  'iModule' parameter of the 'StopModule()' method.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, these issues could be leveraged to
execute arbitrary code on the host subject to the user's privileges.
Solution :
Upgrade affected installs to version 18.104.22.168 or later, as that
reportedly resolves the vulnerability.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true