CVE-2007-4061 - Multiple vulnerabilities in Nessus Vulnerability Scanner 3.0.6
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Nessus Vulnerability Scanner 3.0.6 ActiveX Command Exec Exploit. CVE-2007-4031,CVE-2007-4061,CVE-2007-4062. Remote exploit for windows platform |
file | exploits/windows/remote/4237.html |
id | EDB-ID:4237 |
last seen | 2016-01-31 |
modified | 2007-07-27 |
platform | windows |
port | |
published | 2007-07-27 |
reporter | h07 |
source | https://www.exploit-db.com/download/4237/ |
title | Nessus Vulnerability Scanner 3.0.6 - ActiveX Command Exec Exploit |
type | remote |
Nessus
NASL family | Windows |
NASL id | NESSUS_SCANCTRL_ACTIVEX_FILE_DELETION.NASL |
description | The remote host contains the ScanCtrl ActiveX control, a part of Nessus for Windows. The version of the ScanCtrl ActiveX control, installed as part of Nessus for Windows on the remote host, fails to validate input to several methods. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to delete or write to arbitrary files or even execute arbitrary code on the host subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25799 |
published | 2007-07-28 |
reporter | This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25799 |
title | Nessus Windows < 3.0.6.1 ScanCtrl ActiveX Multiple Method File Manipulation |