AOL dnUpdater ActiveX dnu.exe Init() Method Remote Code Execution

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an ActiveX control that is affected by a remote
code execution vulnerability.

Description :

The remote host has an install of the AOL dnUpdater ActiveX control
(dnu.exe) prior to version 1.1.25.1. As such, it reportedly does not
properly verify the function pointer passed by the 'pData' argument of
the control's 'Init()' method.

A remote attacker could exploit this vulnerability by tricking a user
into opening a specially crafted page that could execute arbitrary
code subject to the user's privileges.

Note that this control reportedly is included with America Online's
Toolbar, Desktop, and IM as well as Winamp.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-098/
http://seclists.org/bugtraq/2012/Jun/140

Solution :

Disable/remove the control or see the ZDI advisory for update
instructions.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 61463 ()

Bugtraq ID: 54146

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now