AOL dnUpdater ActiveX dnu.exe Init() Method Remote Code Execution

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote host has an ActiveX control that is affected by a remote
code execution vulnerability.

Description :

The remote host has an install of the AOL dnUpdater ActiveX control
(dnu.exe) prior to version As such, it reportedly does not
properly verify the function pointer passed by the 'pData' argument of
the control's 'Init()' method.

A remote attacker could exploit this vulnerability by tricking a user
into opening a specially crafted page, resulting in arbitrary code
execution with the user's privileges.

Note that this control is reportedly included with America Online's
Toolbar, Desktop, and IM, as well as Winamp.

Solution :

Disable/remove the control or see the ZDI advisory for update

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 61463

Bugtraq ID: 54146
