I-Nav VUpdater.Install ActiveX Buffer Overflow
High Nessus Plugin ID 21336
SynopsisThe remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
DescriptionThe remote host contains an ActiveX control, 'VUpdater.Install', associated with Verisign I-Nav, which provides support for Internationalized Domain Names in Microsoft Internet Explorer, Outlook and Outlook Express that reportedly contains a buffer overflow vulnerability that arises when processing CAB files. A remote attacker may be able to leverage this issue to specify an arbitrary executable to be run subject to the privileges of the current user.
SolutionDownload the latest version of the software from the vendor.