Dell Webcam CrazyTalk ActiveX Remote Overflow

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote Windows host contains an install of the CrazyTalk ActiveX
control, bundled with Dell Webcam software, that reportedly fails to
sanitize input to the 'BackImage', 'ScriptName', 'ModelName', and
'SRC' properties, which could be abused to trigger a buffer overflow.

By tricking a user into opening a specially crafted web page, a
remote, unauthenticated attacker could execute arbitrary code on the
remote host subject to the user's privileges.

Solution :

Remove or disable the control, as no fixes are available.
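One way to carry out that mitigation on a Windows host, as an added example that is not part of the Nessus plugin or of Dell's software: set the Internet Explorer "kill bit" for the control's CLSID so the browser refuses to instantiate it. The CLSID is a placeholder because the plugin page does not list it; the registry locations and the 0x400 flag are the documented kill-bit mechanism (Microsoft KB 240797).

```powershell
# Added example (not from the Nessus plugin): set the IE kill bit for an
# ActiveX control. This is the standard way to disable a control when the
# vendor ships no fix, and it survives the control staying registered.
# PLACEHOLDER: replace with the real CLSID of the CrazyTalk control (taken
# from the vendor or from the registered OCX's HKCR\CLSID entry).
$Clsid = '{00000000-0000-0000-0000-000000000000}'   # placeholder, replace

# Kill bit = 0x400 in the "Compatibility Flags" DWORD (KB 240797).
$KillBit = 0x400
$Paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit IE on 64-bit Windows reads the Wow6432Node view as well.
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

# Check: is the control actually registered on this host?
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
if (Test-Path $inproc) {
    $dll = (Get-ItemProperty -Path $inproc).'(default)'
    Write-Host "Control is registered, served by: $dll"
} else {
    Write-Host "Control not registered under HKCR\CLSID; setting kill bit as a precaution."
}

foreach ($p in $Paths) {
    if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    # OR the kill bit into any existing flags instead of overwriting them.
    $existing = [int]((Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags')
    $flags = $existing -bor $KillBit
    Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $flags -Type DWord
    Write-Host ("Kill bit set ({0:x}): {1}" -f $flags, $p)
}
```

Run from an elevated PowerShell session; a subsequent Nessus scan with this plugin should then report the control as disabled rather than vulnerable.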

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58483

Bugtraq ID: 52560, 52571

CVE ID:
