Data Dynamics ActiveBar ActiveX Controls Code Execution

High Nessus Plugin ID 54841


The remote Windows host has an ActiveX control installed that is affected by a code execution vulnerability.


One or more of the Data Dynamics ActiveBar ActiveX controls installed on the remote Windows host is affected by a code execution vulnerability due to unspecified issues in the 'Save()', 'SaveLayoutChanges()', 'SaveMenuUsageData()', and 'SetLayoutData()' methods.

Note that Data Dynamics ActiveBar is bundled with IBM Rational System Architect.


Multiple solutions exist to resolve this vulnerability:

- Upgrade to IBM Rational System Architect (eGA 29 April 2011) / (eGA 29 April 2011) or later.

- Install Microsoft KB2562937 (Update Rollup for ActiveX Kill Bits).

- Disable the use of the vulnerable ActiveX controls within Internet Explorer per the IBM advisory.

- Disable all ActiveX controls in the Internet Zone.


Plugin Details

Severity: High

ID: 54841

File Name: data_dynamics_activebar_activex.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2011/05/27

Modified: 2016/12/07

Dependencies: 13855

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


CVSS v3.0

Base Score: 9.6

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:datadynamics:activebar, cpe:/a:ibm:rational_system_architect

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/07/17

Reference Information

CVE: CVE-2007-3883, CVE-2011-1207

BID: 24959, 47643

OSVDB: 37692, 72136

Secunia: 26098, 43399, 43474

EDB-ID: 4190, 5395