2X ApplicationServer TuxSystem ActiveX ExportSettings() Method Arbitrary File Overwrite

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
file overwrite vulnerability.

Description :

The install of the 2X ApplicationServer TuxSystem ActiveX control on
the remote host reportedly could be abused to create or overwrite
arbitrary files on the affected host using its 'ExportSettings()'
method.

By tricking a user into opening a specially crafted web page, a
remote, unauthenticated attacker can overwrite files on the affected
system subject to the user's privileges.

Solution :

Remove or disable the control as fixes are not available.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:POC/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58484 ()

Bugtraq ID: 51856

CVE ID: CVE-2012-1065

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now