Anzio Web Print Object (WePO) ActiveX mainurl Parameter Buffer Overflow
Severity: High
Nessus Plugin ID: 34021
Synopsis
The remote Windows host has an ActiveX component that is susceptible to a buffer overflow attack.
Description
The remote host contains the Anzio Web Print Object (WePO) ActiveX component, which is used for 'push' printing from a web page or application.
The version of the control installed on the remote host reportedly contains a stack-based buffer overflow that can be triggered by passing a long value for its 'mainurl' parameter. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this issue could be used to execute arbitrary code on the affected system, subject to the user's privileges.
Solution
Upgrade to Anzio Web Print Object 3.2.30 or later.