Signature Detail
Short Name |
HTTP:STC:CLSID:ACTIVEX:NESSCAN |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nessus Vulnerability Scanner 3.0.6 ActiveX Vulnerability |
Release Date |
2007/08/30 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Nessus Vulnerability Scanner 3.0.6 ActiveX Vulnerability
This signature detects attempts to exploit a known vulnerability against the Nessus Vulnerability Scanner. An attacker can create malicious Web pages, which if visited by a victim, can lead to the attacker gaining control of the victim's client browser.
Extended Description
Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX control is prone to multiple vulnerabilities. An attacker can exploit these issues to overwrite or delete arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Attackers can also upload arbitrary files. Successful exploits will allow attackers to cause denial-of-service conditions and corrupt sensitive data; other consequences resulting from placing a malicious file on the system are also possible. These issues affect Nessus 3.0.6; other versions may also be affected.
Affected Products
- Nessus 3.0.6
References
- BugTraq: 25088
- CVE: CVE-2007-4031
- URL: http://www.frsirt.com/english/advisories/2007/2680
- URL: http://securitytracker.com/id?1018469