Family: Windows --> Category: infos
wodSFTP ActiveX File Access Vulnerability Scan
Vulnerability Scan Summary :
Checks for the wodSFTP ActiveX control
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an ActiveX control that allows arbitrary
access to the filesystem.
Description :
The remote Windows host contains the wodSFTP ActiveX control, which
provides SFTP functionality to applications that use it and is marked
as 'safe for scripting'. A remote attacker may be able to use this
control to store files on the remote filesystem or retrieve files from
it by means of a specially crafted HTML page or email, without any
further interaction from the user.
See also :
http://www.kb.cert.org/vuls/id/378604
Solution :
Disable the use of this ActiveX control from within Internet Explorer
by setting its 'kill' bit.
Threat Level:
Low / CVSS Base Score : 3.7
(AV:R/AC:H/Au:NR/C:P/I:P/A:N/B:N)