VisiWave Site Survey Report VWR File Handling Overflow

High Nessus Plugin ID 54644

Synopsis

The remote Windows host has an application that is affected by a file handling overflow vulnerability.

Description

The version of VisiWave Site Survey on the remote host is earlier than 2.1.9 and thus reportedly contains a file handling overflow. If an attacker provides a malicious VWR file and convinces a user to open it with VisiWave, VisiWave may execute malicious code in the context of the user.

Solution

Upgrade to version 2.1.9 or above.

See Also

http://www.nessus.org/u?b223c9f4

Plugin Details

Severity: High

ID: 54644

File Name: visiwave_2_1_9.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 2011/05/25

Modified: 2018/08/06

Dependencies: 13855

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:visiwave:site_survey

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/05/20

Vulnerability Publication Date: 2011/05/20

Exploitable With

Core Impact

Metasploit (VisiWave VWR File Parsing Vulnerability)

Reference Information

CVE: CVE-2011-2386

BID: 47948

EDB-ID: 17317

Secunia: 44636