HP Virtual Rooms Client < 7.0.1 ActiveX Control Dangerous Methods
High Nessus Plugin ID 35804
SynopsisThe remote Windows host has an ActiveX control that fails to restrict access to dangerous methods.
DescriptionHP Virtual Rooms client is installed on the remote system. An ActiveX control included with the client and provided by a file with a name such as 'HPVirtualRooms32.dll' contains several dangerous methods. By tricking a user into viewing a specially crafted HTML document, it may be possible for an attacker to use these methods to execute arbitrary code on the remote system subject to the user's privileges.
SolutionUpgrade to HP Virtual Rooms client version 7.0.1.