Dell DellSystemLite.Scanner ActiveX Control Multiple Vulnerabilities

Medium Nessus Plugin ID 52045

Synopsis

The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.

Description

The DellSystemLite.Scanner ActiveX control, a component from Dell to determine relevant software for your system, installed on the remote Windows host reportedly is affected by multiple vulnerabilities :

- An input validation error exists in the 'GetData()' method can be exploited to disclose the contents of arbitrary text files via directory traversal specifiers passed to the 'fileID' parameter.

- The unsafe property 'WMIAttributesOfInterest' allows assigning arbitrary WMI Query Language statements that can be exploited to disclose system information.

Solution

Remove or disable the control as fixes are not available.

See Also

http://secunia.com/secunia_research/2011-10/

http://secunia.com/secunia_research/2011-11/

Plugin Details

Severity: Medium

ID: 52045

File Name: dell_systemlitescanner_activex.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 2011/02/21

Modified: 2018/07/10

Dependencies: 13855

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:dell:dellsystemlite.scanner_activex_control

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2011/02/18

Reference Information

CVE: CVE-2011-0329, CVE-2011-0330

BID: 46443

Secunia: 42880