ID de Prueba:	1.3.6.1.4.1.25623.1.0.800245
Categoría:	Buffer overflow
Título:	Synactis All-In-The-Box ActiveX RCE Vulnerability
Resumen:	All-In-The-Box ActiveX is prone to a remote code execution (RCE) vulnerability.
Descripción:	Summary: All-In-The-Box ActiveX is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: This flaw is due to an ActiveX control All_In_The_Box.ocx providing insecure SaveDoc method. Vulnerability Impact: Successful exploitation will let the attacker overwrite arbitrary files on the system via a filename terminated by a NULL byte. Affected Software/OS: Synactis, All-In-The-Box ActiveX version 3.1.2.0 and prior. Solution: Upgrade to Synactis, All-In-The-Box ActiveX version 4.02 or later. Workaround: Set the Killbit for the vulnerable CLSID {B5576893-F948-4E0F-9BE1-A37CB56D66FF} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0465 BugTraq ID: 33535 http://www.securityfocus.com/bid/33535 https://www.exploit-db.com/exploits/7928 http://www.dsecrg.com/pages/vul/show.php?id=62 http://osvdb.org/51693 http://secunia.com/advisories/33728 http://www.vupen.com/english/advisories/2009/0298
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.