HTTP: Nessus Vulnerability Scanner 3.0.6 ActiveX Vulnerability
This signature detects attempts to exploit a known vulnerability against the Nessus Vulnerability Scanner. An attacker can create malicious Web pages, which if visited by a victim, can lead to the attacker gaining control of the victim's client browser.
Extended Description
Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX control is prone to multiple vulnerabilities. An attacker can exploit these issues to overwrite or delete arbitrary files on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Attackers can also upload arbitrary files. Successful exploits will allow attackers to cause denial-of-service conditions and corrupt sensitive data; other consequences resulting from placing a malicious file on the system are also possible. These issues affect Nessus 3.0.6; other versions may also be affected.
Affected Products
Nessus nessus
References
BugTraq: 25088
CVE: CVE-2007-4031
URL: http://www.frsirt.com/english/advisories/2007/2680 http://securitytracker.com/id?1018469
Short Name
HTTP:STC:CLSID:ACTIVEX:NESSCAN
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
3.0.6 ActiveX CVE-2007-4031 Nessus Scanner Vulnerability bid:25088
Release Date
08/30/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nessus
CVSS Score
7.8