Office Viewer Component ActiveX (officeviewer.ocx) HttpDownloadFile Method Traversal Arbitrary File Overwrite
High Nessus Plugin ID 26013
SynopsisThe remote Windows host has an ActiveX control with an insecure method.
DescriptionThe remote host contains the Office Viewer Component, an ActiveX control for working with Microsoft Office documents.
The version of this control installed on the remote host reportedly contains an insecure method, 'HttpDownloadFile'. If an attacker can trick a user on the affected host into visiting a specially crafted web page, he may be able to use this method to place arbitrary files on the host subject to the user's privileges.
SolutionUpgrade to Office Viewer Component version 5.2 or later.