40239 : iMesh IMWeb.IMWebControl ActiveX (IMWeb.dll) SetHandler Method Arbitrary Code Execution
Printer | http://osvdb.org/40239 | Email This | Edit Vulnerability

Views This Week

Views All Time

131

Info

Last Modified

about 1 year ago

Percent Complete

35%

Disclosure

Dec 18, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 35% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

Description

(Description Provided by CVE) : The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Exploit: Exploit Available

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Set the kill-bit for the affected ActiveX control.

Products

Unknown or Incomplete

References

CVE ID: 2007-6493 (see also: NVD)
Secunia Advisory ID: 28134
FrSIRT Advisory: ADV-2007-4240
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0222.html
Other Advisory URL: http://retrogod.altervista.org/rgod_imesh.html

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2007/12/20 00:00:00 | CVE-2007-6493 (iMesh)

from: National Vulnerability Database

CVE-2007-6493 (iMesh) Publish Date: 12/20/2007 CVSS Severity: 10.0 (High) The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

References

Credit

Blogs

Comments