Test Kennung:	1.3.6.1.4.1.25623.1.0.800245
Kategorie:	Buffer overflow
Titel:	Synactis All-In-The-Box ActiveX RCE Vulnerability
Zusammenfassung:	All-In-The-Box ActiveX is prone to a remote code execution (RCE) vulnerability.
Beschreibung:	Summary: All-In-The-Box ActiveX is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: This flaw is due to an ActiveX control All_In_The_Box.ocx providing insecure SaveDoc method. Vulnerability Impact: Successful exploitation will let the attacker overwrite arbitrary files on the system via a filename terminated by a NULL byte. Affected Software/OS: Synactis, All-In-The-Box ActiveX version 3.1.2.0 and prior. Solution: Upgrade to Synactis, All-In-The-Box ActiveX version 4.02 or later. Workaround: Set the Killbit for the vulnerable CLSID {B5576893-F948-4E0F-9BE1-A37CB56D66FF} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0465 BugTraq ID: 33535 http://www.securityfocus.com/bid/33535 https://www.exploit-db.com/exploits/7928 http://www.dsecrg.com/pages/vul/show.php?id=62 http://osvdb.org/51693 http://secunia.com/advisories/33728 http://www.vupen.com/english/advisories/2009/0298
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.