Summary
This script lists all vulnerable ActiveX controls installed on the remote Windows machine, with references and cause.
Impact
Successful exploitation lets remote attackers execute arbitrary code and compromise a vulnerable system.
Impact Level: System
Solution
Apply the patch from the link below:
http://support.microsoft.com/kb/2562937
Workaround:
Set the killbit for the following CLSIDs:
{B4CB50E4-0309-4906-86EA-10B6641C8392},
{E4F874A0-56ED-11D0-9C43-00A0C90F29FC},
{FB7FE605-A832-11D1-88A8-0000E8D220A6}
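An added example, not part of the original advisory or the scanner's own code: a PowerShell audit that reports whether the killbit is set for the three CLSIDs above and can optionally set it. It assumes the standard Internet Explorer killbit location (a per-CLSID subkey under "ActiveX Compatibility" whose "Compatibility Flags" DWORD has 0x400 set); the function name and the -Fix switch are illustrative.

```powershell
# Added example: audit (and optionally set) the killbit for the CLSIDs in this advisory.
# Assumption: standard IE killbit location, "Compatibility Flags" DWORD with 0x400 set.

$Clsids = @(
    '{B4CB50E4-0309-4906-86EA-10B6641C8392}',
    '{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}',
    '{FB7FE605-A832-11D1-88A8-0000E8D220A6}'
)

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$KillBit = 0x400

function Invoke-KillBitAudit {
    param([switch]$Fix)   # -Fix writes the killbit where it is missing (requires elevation)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
        foreach ($clsid in $Clsids) {
            $key   = Join-Path $root $clsid
            $flags = 0
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
                if ($p) { $flags = $p.'Compatibility Flags' }
            }
            $set = ($flags -band $KillBit) -eq $KillBit
            if (-not $set -and $Fix) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                # Preserve any other compatibility flags already present on the key.
                $flags = $flags -bor $KillBit
                Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
                $set = $true
            }
            [pscustomobject]@{
                Clsid      = $clsid
                Key        = $key
                Flags      = ('0x{0:X8}' -f $flags)
                KillBitSet = $set
            }
        }
    }
}

# Report only; run "Invoke-KillBitAudit -Fix" from an elevated prompt to apply the workaround.
Invoke-KillBitAudit | Format-Table -AutoSize
```

Any row with KillBitSet = False means the control can still be instantiated in that registry view; both the native and Wow6432Node views need the flag on 64-bit systems.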
Insight
The flaws are due to a failure to properly restrict the SetLayoutData method.
Affected
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Severity
Classification
CVSS Base Score: 9.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)
- PuTTY window title escape character arbitrary command execution
- Microsoft Remote Desktop Protocol Security Advisory (2861855)
- MS Internet Explorer 'VBScript' Remote Code Execution Vulnerability
- Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)