PhotoParade Player PhPInfo ActiveX (PhPCtrl.dll) FileVersionOf Property Overflow
High Nessus Plugin ID 26025
Synopsis
The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
Description
The remote host contains the PhPInfo ActiveX control, included with the PhotoParade Player software for creating slideshows of digital pictures.
The version of this control installed on the remote host reportedly contains an unspecified overflow in its 'FileVersionOf' property that could lead to arbitrary code execution on the affected system. Successful exploitation requires that an attacker trick a user on the affected host into visiting a specially crafted web page.
Solution
Disable the use of this ActiveX control from within Internet Explorer by setting its kill bit, or remove it completely.
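One way to check and apply the kill bit named in the solution, as an added example that is not part of the original plugin text. The CLSID is a placeholder because this page does not give the control's CLSID; the registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism.

```powershell
# Added example: report, and optionally set, the IE kill bit for one ActiveX control.
# ASSUMPTION: the default CLSID is a placeholder. The page does not list the
# PhPInfo control's CLSID; pass the real one with -Clsid.
# Run elevated: the keys live under HKLM.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',  # placeholder
    [switch]$Set   # without -Set the script only reports the current state
)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control

# Native and 32-bit (WOW64) registry views; IE can run as either on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Returns 0 when the key or the value does not exist yet.
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW64 view on 32-bit hosts
    $key   = Join-Path $root $Clsid
    $flags = Get-CompatFlags $key

    if ($Set -and (($flags -band $KillBit) -eq 0)) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present survive.
        $flags = $flags -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -Value $flags -PropertyType DWord -Force | Out-Null
    }

    [pscustomobject]@{
        Key     = $key
        Flags   = '0x{0:X8}' -f $flags
        KillBit = (($flags -band $KillBit) -ne 0)
    }
}
```

Running it without `-Set` gives a per-view report that can be used to confirm the mitigation across hosts; a view where `KillBit` is `False` still allows the control to load in that IE bitness.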