Lucene search
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.FLEXERA_ISGRID2_ACTIVEX_RCE.NASLHistoryOct 02, 2012 - 12:00 a.m.
Flexera ISGrid ActiveX Control Remote Code Execution Vulnerabilities
2012-10-0200:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
59
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.939
Percentile
99.2%
The remote host has the Flexera ISGrid ActiveX control installed. The control is affected by remote code execution vulnerabilities that can be triggered via the ‘bstrReplaceText()’ and ‘DoFindReplace()’ methods. By tricking a victim into visiting a specially crafted page, an attacker may be able to execute arbitrary code on the host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(62393);
script_version("1.11");
script_cvs_date("Date: 2019/12/04");
script_cve_id("CVE-2011-3174");
script_bugtraq_id(50576, 55267);
script_name(english:"Flexera ISGrid ActiveX Control Remote Code Execution Vulnerabilities");
script_summary(english:"Checks version of ActiveX Control");
script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by remote code
execution vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host has the Flexera ISGrid ActiveX control installed. The
control is affected by remote code execution vulnerabilities that can be
triggered via the 'bstrReplaceText()' and 'DoFindReplace()' methods. By
tricking a victim into visiting a specially crafted page, an attacker
may be able to execute arbitrary code on the host.");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-319/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-180/");
# http://kb.flexerasoftware.com/selfservice/viewContent.do?externalId=Q201079
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f940fbc9");
script_set_attribute(attribute:"solution", value:
"Apply the hotfix from Flexera.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3174");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/19");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:flexera:adminstudio");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:flexera:installshield");
script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:zenworks_configuration_management");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/Registry/Enumerated");
clsid = '{C03AAB45-221B-11D4-AB3A-00C04F09719C}';
if (activex_init() != ACX_OK) exit(1, "activex_init() failed.");
info = '';
fix = '18.0.0.329';
file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
activex_end();
exit(1, "activex_get_filename() returned NULL.");
}
if (!file)
{
activex_end();
audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}
# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
activex_end();
audit(AUDIT_VER_FAIL, file);
}
if (ver_compare(ver:version, fix:fix) == -1)
{
if (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0)
{
info += '\n Class identifier : ' + clsid +
'\n Filename : ' + file +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
}
}
activex_end();
# Report findings.
if (info)
{
if (report_paranoia > 1)
{
report = info +
'\n' +
'Note, though, that Nessus did not check whether the kill bit was\n' +
"set for the control's CLSID because of the Report Paranoia setting" + '\n' +
'in effect when this scan was run.\n';
}
else
{
report = info +
'\n' +
'Moreover, its kill bit is not set so it is accessible via Internet\n' +
'Explorer.\n';
}
if (report_verbosity > 0) security_warning(port:kb_smb_transport(), extra:report);
else security_warning(kb_smb_transport());
exit(0);
}
else
{
if(ver_compare(ver:version, fix:fix) >= 0)
audit(AUDIT_INST_VER_NOT_VULN, file, version);
else
exit(0, "The " + file + " control is installed, but its kill bit is set.");
}
Related
cvelist
cvelist
CVE-2011-3174
2012-07-26 22:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Buffer overflow
2012-07-26 22:55:00
zdi
zdi
cve
cve
CVE-2011-3174
2012-07-26 22:55:01
nvd
nvd
CVE-2011-3174
2012-07-26 22:55:01
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.939
Percentile
99.2%
Related for FLEXERA_ISGRID2_ACTIVEX_RCE.NASL