Advantech WebAccess < 7.0-2011.08.27 Multiple ActiveX RCE
Medium Nessus Plugin ID 85543
Synopsis
The remote host has multiple ActiveX controls installed that are affected by remote code execution vulnerabilities.
Description
The version of Advantech WebAccess running on the remote host is prior to 7.0-2011.08.27. Therefore, it includes the ActiveX controls webdobj.dll and bwscript.dll. These ActiveX controls contain buffer overflow conditions due to improper validation of user-supplied input.
A remote attacker, using a specially crafted web page, can exploit these to cause a buffer overflow, potentially resulting in the execution of arbitrary code.
Solution
Upgrade to Advantech WebAccess version 7.0-2011.08.27 or later.