Synopsis
The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
Description
The remote host contains the PhPInfo ActiveX control, included with the PhotoParade Player software for creating slideshows of digital pictures.
The version of this control installed on the remote host reportedly contains an unspecified overflow in its 'FileVersionOf' property that could lead to arbitrary code execution on the affected system. Successful exploitation requires that an attacker trick a user on the affected host into visiting a specially crafted web page.
Solution
Disable the use of this ActiveX control from within Internet Explorer by setting its kill bit or remove it completely.
Plugin Details
File Name: photoparade_player_phpinfo_activex_overflow.nasl
Agent: windows
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 9/12/2007