Symantec Fax Viewer Control ActiveX Control AppendFax Overflow
High Nessus Plugin ID 38652
SynopsisThe remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
DescriptionThe version of the Symantec Fax Viewer Control ActiveX control, a component included with Symantec Winfax Pro and installed on the remote Windows host, reportedly contains a stack-based buffer overflow that can be triggered by calling the 'AppendFax' method with an overly long argument. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrary code on the affected system subject to the user's privileges.
SolutionRemove the affected software as it is no longer supported by Symantec.