Summary
This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause.
Impact
Successful exploitation will let the remote attackers execute arbitrary code, and can compromise a vulnerable system.
Impact Level: System
Solution
Apply the patch from below link,
http://support.microsoft.com/kb/2562937
Workaround:
Set the killbit for the following CLSIDs,
{B4CB50E4-0309-4906-86EA-10B6641C8392},
{E4F874A0-56ED-11D0-9C43-00A0C90F29FC},
{FB7FE605-A832-11D1-88A8-0000E8D220A6}
Insight
The flaws are due to error in restricting the SetLayoutData method, which fails to properly restrict the SetLayoutData method.
Affected
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
References
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability (Win)
- WS_FTP client weak stored password
- Microsoft Windows ActiveX Control Multiple Vulnerabilities (2820197)
- Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
- Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability