StudioLine Photo Basic NMSDVDXU.dll ActiveX EnableLog() Arbitrary File Overwrite
Medium Nessus Plugin ID 60022
SynopsisThe remote host has software installed that is affected by an arbitrary file overwrite vulnerability.
DescriptionThe remote host has a version of StudioLine Photo Basic less than or equal to 18.104.22.168 installed. Such versions are affected by an arbitrary file overwrite vulnerability in the EnableLog() method on the NMSDVDXU.dll ActiveX control.
By tricking a victim into opening a specially crafted web page, an attacker could overwrite arbitrary files on the remote host subject to the user's privileges.
SolutionUpgrade to a version of StudioLine Photo Basic greater than 22.214.171.124 or remove / disable the vulnerable ActiveX control.