IDA Pro IDB Loader Code Execution
High Nessus Plugin ID 69180
SynopsisThe remote host has an application installed that is affected by a code execution vulnerability.
DescriptionThe version of IDA Pro, an interactive disassembler installed on the remote host, is between versions 6.1 and 6.7. It is, therefore, affected by a code execution vulnerability. A remote attacker can exploit this, by convincing a user into loading a specially crafted IDB (IDA database) file into IDA Pro, to execute arbitrary code.
The vulnerability is mitigated by an IDA plugin (btval.plw), which was not detected.
SolutionDownload and install the btval plugins (and any other included files) from the referenced vendor advisory.