iMesh IMWeb.IMWebControl ActiveX (IMWeb.dll) SetHandler Method Arbitrary Code Execution
High Nessus Plugin ID 31050
SynopsisThe remote Windows host has an ActiveX control that allows arbitrary command execution.
DescriptionThe IMWeb.IMWebControl.1 ActiveX control, included with the IMesh peer-to-peer file sharing application, is installed on the remote host. It reportedly allows arbitrary command execution through its 'SetHandler' method. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, he may be able to leverage this issue to execute arbitrary code on the affected host subject to the user's privileges.
SolutionUnknown at this time.