Advantech WebAccess Multiple BWOCXRUN.OCX ActiveX Vulnerabilities
High Nessus Plugin ID 73641
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe remote host has an ActiveX control (BWOCXRUN.OCX) installed that is affected by multiple vulnerabilities :
- Multiple methods all allow remote attackers to read arbitrary files. (CVE-2014-0771, CVE-2014-0772)
- The CreateProcess method allows certain executable names to be run from arbitrary path names. (CVE-2014-0773)
SolutionUpgrade to Advantech WebAccess version 7.2 or higher.