AOL dnUpdater ActiveX dnu.exe Init() Method Remote Code Execution

Severity: High. Nessus Plugin ID: 61463

Synopsis

The remote host has an ActiveX control that is affected by a remote code execution vulnerability.

Description

The remote host has a version of the AOL dnUpdater ActiveX control (dnu.exe) installed that is prior to 1.1.25.1. Such versions reportedly do not properly verify the function pointer passed by the 'pData' argument of the control's 'Init()' method.

A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted page, resulting in arbitrary code execution subject to the user's privileges.

Note that this control reportedly is included with America Online's Toolbar, Desktop, and IM as well as Winamp.

Solution

Disable/remove the control or see the ZDI advisory for update instructions.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-098/

https://seclists.org/bugtraq/2012/Jun/140

Plugin Details

Severity: High

ID: 61463

File Name: aol_dnupdater_activex_rce.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 8/9/2012

Updated: 11/24/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Manual analysis of the vulnerability

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:aol:dnupdater

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 6/21/2012

Vulnerability Publication Date: 6/21/2012

Reference Information

BID: 54146