Nessus Windows < 18.104.22.168 ScanCtrl ActiveX Multiple Method File Manipulation
High Nessus Plugin ID 25799
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple issues.
DescriptionThe remote host contains the ScanCtrl ActiveX control, a part of Nessus for Windows.
The version of the ScanCtrl ActiveX control, installed as part of Nessus for Windows on the remote host, fails to validate input to several methods. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to delete or write to arbitrary files or even execute arbitrary code on the host subject to the user's privileges.
SolutionUpgrade to Nessus for Windows version 22.214.171.124 or later.