JVN#33283707: ActiveScriptRuby vulnerable to arbitrary Ruby script execution

ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed.

Impact

A remote attacker may be able to obtain information on the system or cause a denial-of-service (DoS).

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Apply a workaround
The following workaround may mitigate the affects of this vulnerability.

• Un-register the COM server by executing the command below
  regsvr32 /u _ASR-1.8install directory_\bin\GRScript18.dll

Products Affected

• ActiveScriptRuby
  ActiveScriptRuby with GRScript18.dll versions prior to 1.2.2.0 are affected.