nessus | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. | CTSU_AUTOUPDATE_ACTIVEX_OVERFLOW.NASL
May 28, 2008 - 12:00 a.m.

Creative Software AutoUpdate Engine ActiveX (CTSUEng.ocx) Unspecified Overflow

2008-05-28 00:00:00
This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
www.tenable.com
93

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.615 Medium

EPSS

Percentile

97.8%

The remote host contains the Creative Software AutoUpdate Engine ActiveX control, which is used to automatically update Creative Labs software.

The version of this control installed on the remote host reportedly contains an unspecified stack-based buffer overflow. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this issue could be leveraged to execute arbitrary code on the affected system subject to the user’s privileges.

#
#  (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script stops at the
# closing exit(0), so none of the detection code further down runs.
if (description)
{
  # --- Plugin identity -------------------------------------------------
  script_id(32442);
  script_version("1.22");

  # --- External references for the reported flaw -----------------------
  script_cve_id("CVE-2008-0955");
  script_bugtraq_id(29391);
  script_xref(name:"CERT", value:"501843");
  script_xref(name:"EDB-ID", value:"5681");
  script_xref(name:"Secunia", value:"30403");

  script_name(english:"Creative Software AutoUpdate Engine ActiveX (CTSUEng.ocx) Unspecified Overflow");
  # NOTE(review): the summary says "Checks version", but the detection code
  # in this file only uses the file version for display; the finding is
  # driven by the control being registered and by its kill bit state.
  script_summary(english:"Checks version of Creative Software AutoUpdate Engine control");

  # --- Text shown in the scan report -----------------------------------
  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host contains the Creative Software AutoUpdate Engine
ActiveX control, which is used to automatically update Creative Labs
software.

The version of this control installed on the remote host reportedly
contains an unspecified stack-based buffer overflow.  If an attacker
can trick a user on the affected host into viewing a specially crafted
HTML document, this method could be leveraged to execute arbitrary
code on the affected system subject to the user's privileges.");
  # NOTE(review): this link is a general research blog index, not an
  # advisory for this issue; the CVE / CERT references above are the more
  # precise pointers for triage.
  script_set_attribute(attribute:"see_also", value:"https://www.beyondtrust.com/resources/blog/research/");
  # NOTE(review): no remediation is given here. The report text produced by
  # the detection code treats a set kill bit as what keeps the control out
  # of Internet Explorer, so that is the mitigation a reader can infer;
  # confirm current vendor guidance before relying on it.
  script_set_attribute(attribute:"solution", value:
"Unknown at this time.");

  # --- Risk scoring ----------------------------------------------------
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  # --- Exploit-maturity flags ------------------------------------------
  # These mark the issue as having public exploit code and as being used
  # by malware, which matters when prioritising affected hosts.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(119);

  # --- Plugin bookkeeping ----------------------------------------------
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/28");
  script_cvs_date("Date: 2018/11/15 20:50:26");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  # --- Scheduling prerequisites ----------------------------------------
  # The check depends on smb_hotfixes.nasl, on the KB key
  # "SMB/Registry/Enumerated" and on the SMB ports; presumably this means
  # it only produces results on scans that had registry access to the
  # target - confirm against the dependency.
  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}


include("global_settings.inc");
include("smb_func.inc");
include("smb_activex_func.inc");


# Detection pass.
#
# Reports the host when the control identified by `clsid` is registered and
# either (a) Report Paranoia is above 1, in which case the kill bit is not
# consulted at all, or (b) the kill bit lookup returns 0. No version
# comparison is made: any installed version is reported.

# Nothing to do unless the knowledge base says the registry was enumerated.
if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);

# Set up the ActiveX helper library; give up quietly if that fails.
if (activex_init() != ACX_OK) exit(0);

# Class ID this plugin looks up for the Creative Software AutoUpdate Engine
# control (CTSUEng.ocx per the plugin name).
clsid = "{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}";

# A non-empty filename is the plugin's evidence that the control is installed.
file = activex_get_filename(clsid:clsid);
if (file)
{
  # The file version only feeds the report text; it does not gate the finding.
  ver = activex_get_fileversion(clsid:clsid);
  if (!ver) ver = string("An unknown version");
  else ver = string("Version ", ver);

  # Choose the trailing paragraph of the report. It stays NULL when the
  # kill bit lookup returns anything other than 0, and then nothing is
  # reported.
  killbit_note = NULL;
  if (report_paranoia > 1)
  {
    # Paranoid scans skip the kill bit lookup, so hosts where the control
    # has already been blocked in Internet Explorer are reported as well.
    killbit_note = string(
      "Note, though, that Nessus did not check whether the kill bit was\n",
      "set for the control's CLSID because of the Report Paranoia setting\n",
      "in effect when this scan was run.\n"
    );
  }
  else if (activex_get_killbit(clsid:clsid) == 0)
  {
    # NOTE(review): 0 is taken to mean "kill bit not set"; how a failed
    # lookup is signalled is not visible here - confirm in
    # smb_activex_func.inc that an error cannot be mistaken for "set".
    killbit_note = string(
      "Moreover, its kill bit is not set so it is accessible via Internet\n",
      "Explorer.\n"
    );
  }

  if (killbit_note)
  {
    # Shared lead-in (version and on-disk path) followed by the chosen note.
    report = string(
      "\n",
      ver, " of the vulnerable control is installed as :\n",
      "\n",
      "  ", file, "\n",
      "\n",
      killbit_note
    );

    # The detailed text is attached only when report verbosity is enabled.
    if (report_verbosity) security_hole(port:kb_smb_transport(), extra:report);
    else security_hole(kb_smb_transport());
  }
}

# Release the ActiveX helper session whether or not anything was reported.
activex_end();
