Morovia Barcode ActiveX Control < 3.6.0 Arbitrary File Overwrite
High Nessus Plugin ID 35953
SynopsisThe remote Windows host has an ActiveX control that can be used to overwrite arbitrary files.
DescriptionThe version of the Morovia Barcode ActiveX control installed on the remote Windows host allows overwriting of arbitrary files via calls to the control's 'Save' and 'ExportImage' methods. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to overwrite arbitrary files on the affected system subject to the user's privileges.
SolutionUpgrade to Morovia Barcode ActiveX 3.6.0 or later.