Microsys PROMOTIC < 8.1.5 Multiple Vulnerabilities
High Nessus Plugin ID 58953
SynopsisThe remote Windows host has an application affected by multiple vulnerabilities.
DescriptionThe remote Windows host has a version of Microsys PROMOTIC installed that is less than 8.1.5. Such versions are affected by multiple vulnerabilities, including:
- The 'GetPromoticSite()' method of the ActiveX Control 'pmtable.ocx' can reference an uninitialized pointer in certain situations.
- A directory traversal vulnerability may be exploited by sending a specially crafted request to the web server running on port 80. (CVE-2011-4518)
- A stack overflow vulnerability affecting the SafeCfg() method of the PmTrendViewer ActiveX control.
- A heap overflow vulnerability affecting the AddTrend() method of the PmTrendViewer ActiveX control.
SolutionUpgrade to Microsys PROMOTIC 8.1.5 or later.