Executive Summary
Summary | |
---|---|
Title | Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methods |
Informations | |||
---|---|---|---|
Name | VU#485961 | First vendor Publication | 2009-08-18 |
Vendor | VU-CERT | Last vendor Modification | 2009-08-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#485961Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methodsOverviewThe Acer AcerCtrls.APlunch ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system.I. DescriptionThe Acer AcerCtrls.APlunch ActiveX control is provided by acerctrl.ocx. It contains a method called Run(), which takes two parameters: Driveand FileName. Although the control is not inherently marked as safe for scripting via the IObjectSafety interface, it may be distributed with the appropriate Implemented Categories registry key to make it safe for scripting. This means that a web page in Internet Explorer can call the Run() method of the control.Note that this vulnerability is similar to but not the same issue as VU#221700. This control has different parameters and uses a different CLSID that is not included in the killbits provided with Microsoft Security Bulletin MS07-027.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{3895DD35-7573-11D2-8FED-00606730D3AA}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{3895DD35-7573-11D2-8FED-00606730D3AA}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
Referenceshttp://www.kb.cert.org/vuls/id/221700 Thanks to Michael Costa of Crosshair Information Technology & Security LLC for reporting this vulnerability. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/485961 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57201 | Acer AcerCtrls.APlunch ActiveX (acerctrl.ocx) Run Method Arbitrary Local File... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | AcerCtrls.APlunch ActiveX clsid unicode access RuleID : 15879 - Revision : 4 - Type : WEB-ACTIVEX |
2014-01-10 | AcerCtrls.APlunch ActiveX clsid access RuleID : 15878 - Revision : 9 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-08-21 | Name : The remote Windows host has an ActiveX control that allows arbitrary code exe... File : acer_acerctrls_aplunch_cmd_exec.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:52 |
|
2014-01-19 21:31:03 |
|
2013-05-11 00:57:08 |
|