Dell DellSystemLite.Scanner ActiveX Control Multiple Vulnerabilities
Medium Nessus Plugin ID 52045
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.
DescriptionThe DellSystemLite.Scanner ActiveX control, a component from Dell to determine relevant software for your system, installed on the remote Windows host reportedly is affected by multiple vulnerabilities :
- An input validation error exists in the 'GetData()' method can be exploited to disclose the contents of arbitrary text files via directory traversal specifiers passed to the 'fileID' parameter.
- The unsafe property 'WMIAttributesOfInterest' allows assigning arbitrary WMI Query Language statements that can be exploited to disclose system information.
SolutionRemove or disable the control as fixes are not available.