Corel ActiveCGM Browser ActiveX (acqm.dll) Multiple Overflows

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.

| Family | Windows |
| Nessus Plugin ID | 25494 (corel_activecgm_overflows.nasl) |
| Bugtraq ID | 24464 |
| CVE ID | CVE-2007-2921 |

Description:
Synopsis :
The remote Windows host has an ActiveX control that is susceptible to
multiple buffer overflow attacks.
Description :
The remote host contains the ActiveCGM ActiveX control, which supports
viewing of CGM files in a web browser.
The version of this control on the remote host is reportedly affected
by multiple buffer overflows. If an attacker can trick a user on the
affected host into visiting a specially-crafted web page, he may be
able to leverage these issues to execute arbitrary code on the host
subject to the user's privileges.
See also :
http://www.kb.cert.org/vuls/id/983249
Solution :
Either disable the use of this ActiveX control from within Internet
Explorer by setting its 'kill' bit or contact the vendor to upgrade it
to version 7.1.4.19 or later.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)