AVG 'ScriptHelperApi' ActiveX Remote Code Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
remote code execution vulnerability.

Description :

The remote host is running a version of AVG Secure Search toolbar /
AVG Safeguard, prior to version 18.1.7. The AVG ScriptHelperApi ActiveX
control distributed with the software is affected by a remote code
execution vulnerability. The installed ActiveX control fails to
properly enforce restrictions on websites that can invoke its methods.
An attacker may exploit this issue in order to execute arbitrary code
within the context of the application.

Solution :

Upgrade AVG Secure Search toolbar / AVG Safeguard to version
18.1.7.598 / 18.1.7.644 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 76589 ()

Bugtraq ID: 68421

CVE ID: CVE-2014-2956

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now