Detections
Analytics

VisiWave Site Survey Report VWR File Handling Overflow

high Nessus Plugin ID 54644

Language:

Synopsis

The remote Windows host has an application that is affected by a file handling overflow vulnerability.

Description

The version of VisiWave Site Survey on the remote host is earlier than 2.1.9 and thus reportedly contains a file handling overflow. If an attacker provides a malicious VWR file and convinces a user to open it with VisiWave, VisiWave may execute malicious code in the context of the user.

Solution

Upgrade to version 2.1.9 or above.

See Also

http://www.nessus.org/u?b223c9f4

Plugin Details

Severity: High

ID: 54644

File Name: visiwave_2_1_9.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 5/25/2011

Updated: 8/6/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:visiwave:site_survey

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2011

Vulnerability Publication Date: 5/20/2011

Exploitable With

Core Impact

Metasploit (VisiWave VWR File Parsing Vulnerability)

Reference Information

CVE: CVE-2011-2386

BID: 47948

Secunia: 44636