HP PKI ActiveX Control KillProcess Denial of Service

medium Nessus Plugin ID 57536

Language:

Synopsis

The remote Windows host has an ActiveX control that is affected by a denial of service vulnerability.

Description

The version of the HP PKI ActiveX control installed on the remote Windows host is earlier than 1.2.0.1. As such, it reportedly contains an insecure method named 'KillProcess()' that could be used to terminate arbitrary user processes.

Solution

Upgrade to version 1.2.0.1 or later as that reportedly resolves the vulnerability :

https://digitalbadge.external.hp.com/hp/HPPKI.cab

Plugin Details

Severity: Medium

ID: 57536

File Name: hppki_activex_killprocess.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 1/13/2012

Updated: 7/12/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:hp:pki_activex_control

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 1/10/2012

Vulnerability Publication Date: 1/10/2012

Reference Information

CVE: CVE-2012-6501

BID: 51341

Secunia: 47122

Detections

Analytics