RealPage Module Upload ActiveX Control Multiple Vulnerabilities
High Nessus Plugin ID 50434
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.
DescriptionThe RealPage Module Upload ActiveX control, used with RealPage's OneSite Property Management Systems software and installed on the remote Windows host, reportedly is affected by several vulnerabilities :
- The 'Upload' method in combination with the 'SourceFile' and 'DestURL' properties can be abused to upload arbitrary files from a user's system to a web server. (CVE-2010-2584)
- By setting a long 'SourceFile' or 'DestURL' property value, an attack can trigger a buffer overflow and possibly execute arbitrary code. (CVE-2010-2585)
SolutionUpgrade to version 18.104.22.168 or later.