NTR ActiveX Control < 126.96.36.199 Multiple Vulnerabilities
High Nessus Plugin ID 57556
SynopsisAn ActiveX control installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionAt least one version of the NTR ActiveX control installed on the remote Windows host is earlier than 188.8.131.52. As such, it reportedly is affected by the following vulnerabilities :
- Four stack-based buffer overflows exist involving the 'bstrUrl' parameter of the 'StartModule()' method, the 'bstrParams' parameter of the 'Check()' method, and the 'bstrUrl' parameter of the 'Download()' and 'DownloadModule()' methods. (CVE-2012-0266)
- An input validation vulnerability exists involving the 'iModule' parameter of the 'StopModule()' method.
If an attacker can trick a user on the affected host into visiting a specially crafted web page, these issues could be leveraged to execute arbitrary code on the host subject to the user's privileges.
SolutionUpgrade affected installs to version 184.108.40.206 or later as that reportedly resolves the vulnerability.