MarkAny Content SAFER ActiveX Arbitrary Download and Execution

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by an arbitrary
file write vulnerability.

Description :

The remote host has the MarkAny Content SAFER ActiveX control
installed, which is distributed with Samsung KIES. It is affected by an
arbitrary file write vulnerability that is triggered during the parsing
of a method call. This may allow attackers to overwrite or download
arbitrary files.

See also :

http://www.markany.com/en/?p=2307

Solution :

Upgrade to MarkAny Content SAFER version 1.4.2012.508 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 63268 ()

Bugtraq ID: 55192

CVE ID: CVE-2012-2990

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now