WEBGATE ActiveX Controls Multiple Buffer Overflows

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains at least one ActiveX control that is
affected by buffer overflow vulnerabilities.

Description :

The remote host contains one or more of the following WEBGATE ActiveX
controls :

- Control Center :
- FileConverter.FileConverterCtrl.1
- LoginContoller.LoginControllerCtrl.1
- WESPDiscovery.WESPDiscoveryCtrl.1
- WESPPlayback.WESPPlaybackCtrl.1

- eDVR Manager :
- WESPDiscovery.WESPDiscoveryCtrl.1
- WESPEvent.WESPEventCtrl.1
- WESPMonitor.WESPMonitorCtrl.1
- WESPPTZ.WESPPTZCtrl.1
- WESPPlayback.WESPPlaybackCtrl.1
- WESPSerialPort.WESPSerialPortCtrl.1

- Web Camera Server Audio :
- WebEyeAudio.OCX

- WinRDS :
- WESPPlayback.WESPPlaybackCtrl.1

These controls are reportedly affected by multiple buffer overflows
that allow an attacker to execute arbitrary code.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-15-054
http://www.zerodayinitiative.com/advisories/ZDI-15-055
http://www.zerodayinitiative.com/advisories/ZDI-15-056
http://www.zerodayinitiative.com/advisories/ZDI-15-057
http://www.zerodayinitiative.com/advisories/ZDI-15-058
http://www.zerodayinitiative.com/advisories/ZDI-15-059
http://www.zerodayinitiative.com/advisories/ZDI-15-060
http://www.zerodayinitiative.com/advisories/ZDI-15-061
http://www.zerodayinitiative.com/advisories/ZDI-15-062
http://www.zerodayinitiative.com/advisories/ZDI-15-063
http://www.zerodayinitiative.com/advisories/ZDI-15-064
http://www.zerodayinitiative.com/advisories/ZDI-15-065
http://www.zerodayinitiative.com/advisories/ZDI-15-066
http://www.zerodayinitiative.com/advisories/ZDI-15-067
http://www.zerodayinitiative.com/advisories/ZDI-15-068
http://www.zerodayinitiative.com/advisories/ZDI-15-069
http://www.zerodayinitiative.com/advisories/ZDI-15-070
http://www.zerodayinitiative.com/advisories/ZDI-15-071
http://www.zerodayinitiative.com/advisories/ZDI-15-072
http://www.zerodayinitiative.com/advisories/ZDI-15-073
http://www.zerodayinitiative.com/advisories/ZDI-15-074

Solution :

Disable the offending ActiveX controls or uninstall the software that
provided the controls.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now