Summary
This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause.
Impact
Successful exploitation will let the remote attackers execute arbitrary code, and can compromise a vulnerable system.
Impact Level: System/Application
Solution
Apply the patch from below link,
http://support.microsoft.com/kb/2647518
Workaround:
Set the killbit for the following CLSIDs,
{6e84d662-9599-11d2-9367-20cc03c10627},
{7e00a3b0-8f5c-11d2-baa4-04f205c10000},
{4ba9089c-ddfc-4206-b937-74484b06d305},
{A3CD4BF9-EC17-47A4-833C-50A324D6FF35},
{57733FF6-E100-4A4B-A7D1-A85AD17ABC54},
{9B8E377B-7291-491A-B611-BB3E1D5F99F0},
{ee5e14b0-4abf-409e-9c39-74f3d35bd85a},
{b34b19f4-7ebe-46cb-807c-746e72ebb4b6},
{7a7b986c-31e9-4286-88ca-b9dc481ca989},
{8290cb76-9f61-458b-ad2c-3f6fd2e8cd7d},
{dd7b057d-9020-4630-baf8-7a0cda04588d},
{fc7F9cc6-e049-4698-8a25-59ad87c7dce2}.
Insight
The flaws are due to errors in the handling of Biostat SamplePower, Blueberry Software Flashback Component and HP Photo Creative ActiveX controls.
Affected
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
References
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Office Products Insecure Library Loading Vulnerability
- Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
- Sophos Anti Virus Check
- Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
- Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability