KeyWorks KeyHelp ActiveX Control Multiple Vulnerabilities

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an ActiveX control installed that has multiple
vulnerabilities.

Description :

The remote host has KeyWorks KeyHelp ActiveX control installed, which
is affected by multiple vulnerabilities :

- Multiple stack-based buffer overflows exist that could
allow an attacker to execute arbitrary code.
(CVE-2012-2515)

- An unspecified command injection vulnerability.
(CVE-2012-2516)

See also :

http://www.nessus.org/u?8facea87
http://sotiriu.de/adv/NSOADV-2010-008.txt

Solution :

Remove or disable the control as it is no longer supported.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62311 ()

Bugtraq ID: 36546
40969
55265

CVE ID: CVE-2012-2515
CVE-2012-2516

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now