SynopsisThe remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.
DescriptionThe remote host contains the 3DGreetings Player ActiveX control from Broderbund / Expressit.com used to display 3D greeting cards.
The version of this control installed on the remote host reportedly contains multiple stack-based buffer overflows. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the host subject to the user's privileges.
SolutionDisable the use of this ActiveX control from within Internet Explorer by setting its kill bit or remove it completely.
File Name: 3dgreetings_player_activex_overflows.nasl
Supported Sensors: Nessus Agent
Temporal Vector: E:U/RL:OF/RC:C
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 9/5/2007