IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile Method Boundary Error Remote Overflow
High Nessus Plugin ID 58389
Synopsis
The remote Windows host has an ActiveX control installed that is affected by a buffer overflow vulnerability.
Description
The remote host has the IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX control installed. This control fails to properly parse data supplied to the 'RunAndUploadFile()' function due to an unsafe call to 'strcat', which can lead to a stack-based buffer overflow.
By tricking a user into opening a specially crafted web page, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the user's privileges.
Solution
Remove or disable the control, as fixes are not available.
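One way to disable the control is to set the Internet Explorer kill bit for its class ID. The script below is an added example, not part of the plugin or any IBM guidance. It assumes the control is registered machine-wide under the ProgID named above, resolves the CLSID from the registry instead of hard-coding it, and is meant to be run from an elevated PowerShell session.

```powershell
# Added example: resolve the control's CLSID from its ProgID and set the IE kill bit.
$ProgId  = 'Isig.isigCtl.1'   # ProgID named in the description above
$KillBit = 0x400              # "Compatibility Flags" value that blocks instantiation in IE
$roots   = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # native and 32-bit views

# Step 1: ProgID -> CLSID (the default value of <ProgID>\CLSID).
$clsid = $null
foreach ($r in $roots) {
    $k = Join-Path $r "Classes\$ProgId\CLSID"
    if (Test-Path -LiteralPath $k) {
        $clsid = (Get-Item -LiteralPath $k).GetValue('')
        break
    }
}
if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
    "ProgID $ProgId is not registered machine-wide; nothing to disable."
    return
}

foreach ($r in $roots) {
    # Step 2: report the implementing binary so it can be removed afterwards.
    $server = Join-Path $r "Classes\CLSID\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $server) {
        "Control binary ($r): " + (Get-Item -LiteralPath $server).GetValue('')
    }

    # Step 3: set the kill bit in each registry view that has an IE key.
    $ieKey = Join-Path $r 'Microsoft\Internet Explorer'
    if (-not (Test-Path -LiteralPath $ieKey)) { continue }
    $compatKey = Join-Path $ieKey "ActiveX Compatibility\$clsid"
    if (-not (Test-Path -LiteralPath $compatKey)) {
        New-Item -Path $compatKey -Force | Out-Null
    }

    # OR the kill bit into any flags already present instead of overwriting them.
    $current = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$current) -bor $KillBit
    Set-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -Value $new -Type DWord
    "Kill bit set for $clsid under $r (Compatibility Flags = 0x{0:X})" -f $new
}
```

The kill bit only stops Internet Explorer and other hosts that honor it from loading the control; uninstalling the product or unregistering the reported binary removes it entirely.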