2X ApplicationServer TuxSystem ActiveX ExportSettings() Method Arbitrary File Overwrite
Medium Nessus Plugin ID 58484
SynopsisThe remote Windows host has an ActiveX control that is affected by a file overwrite vulnerability.
DescriptionThe install of the 2X ApplicationServer TuxSystem ActiveX control on the remote host reportedly could be abused to create or overwrite arbitrary files on the affected host using its 'ExportSettings()' method.
By tricking a user into opening a specially crafted web page, a remote, unauthenticated attacker can overwrite files on the affected system subject to the user's privileges.
SolutionRemove or disable the control as fixes are not available.