Flexera AdminStudio LaunchProcess Function ActiveX Control Remote Command Execution
High Nessus Plugin ID 62392
SynopsisThe remote host has software installed that is affected by a remote command execution vulnerability.
DescriptionThe remote host has the Flexera AdminStudio LaunchHelp ActiveX control installed. The control is affected by a remote command execution vulnerability that can be triggered by sending a directory traversal string to the 'LaunchProcess()' function.
By tricking a victim into visiting a specially crafted page, an attacker may be able to execute arbitrary commands on the host subject to the privileges of the user.
SolutionApply the hotfix from Flexera.