Flexera ISGrid ActiveX Control Remote Code Execution Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by remote code
execution vulnerabilities.

Description :

The remote host has the Flexera ISGrid ActiveX control installed. The
control is affected by remote code execution vulnerabilities that can be
triggered via the 'bstrReplaceText()' and 'DoFindReplace()' methods. By
tricking a victim into visiting a specially crafted page, an attacker
may be able to execute arbitrary code on the host.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-319/
http://www.zerodayinitiative.com/advisories/ZDI-12-180/
http://www.nessus.org/u?f940fbc9

Solution :

Apply the hotfix from Flexera.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62393

Bugtraq ID: 50576, 55267

CVE ID: CVE-2011-3174
