MW6 Technologies ActiveX Multiple Buffer Overflows

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has one or more ActiveX controls installed that
are affected by multiple buffer overflow vulnerabilities.

Description :

The remote Windows host has one or more ActiveX controls from MW6
Technologies ActiveX controls that are affected by multiple buffer
overflow vulnerabilities. Specifically, these involve the 'Data'
parameter as used in the Aztec, DataMatrix, and MaxiCode controls, and
successful exploitation could lead to arbitrary code execution.

See also :

http://seclists.org/fulldisclosure/2014/Jan/137
http://support.microsoft.com/kb/240797

Solution :

There are currently no known fixes; as a workaround, set the kill bit
on the affected ActiveX controls.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.0
(CVSS2#E:POC/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72179 ()

Bugtraq ID: 65038

CVE ID: CVE-2013-6040

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now