Summary
This host has All-In-The-Box ActiveX installed and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will let the attacker overwrite arbitrary files on the system via a filename terminated by a NULL byte.
Impact Level: System/Application
Solution
Upgrade to Synactis All-In-The-Box ActiveX version 4.02 or later. For updates, refer to http://synactis.com/pdf-in-the-box-downloads.asp
Insight
The flaw is due to the ActiveX control All_In_The_Box.ocx providing an insecure SaveDoc method.
Affected
Synactis All-In-The-Box ActiveX version 3.1.2.0 and prior.
Workaround
Set the Killbit for the vulnerable CLSID {B5576893-F948-4E0F-9BE1-A37CB56D66FF}. See http://support.microsoft.com/kb/240797
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-0465
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
- BreakPoint Software, Hex Workshop Buffer Overflow vulnerability
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Adobe Shockwave Player ActiveX Control BOF Vulnerability