WEBGATE ActiveX 控制項多個緩衝區溢位
high Nessus Plugin ID 81702
語系:
概要
遠端 Windows 主機包含至少一個受緩衝區溢位弱點影響的 ActiveX 控制項。說明
遠端主機包含下列一或多個 WEBGATE ActiveX 控制項:- 控制中心:
- FileConverter.FileConverterCtrl.1
- LoginContoller.LoginControllerCtrl.1
- WESPDiscovery.WESPDiscoveryCtrl.1
- WESPPlayback.WESPPlaybackCtrl.1
- eDVR Manager:
- WESPDiscovery.WESPDiscoveryCtrl.1
- WESPEvent.WESPEventCtrl.1
- WESPMonitor.WESPMonitorCtrl.1
- WESPPTZ.WESPPTZCtrl.1
- WESPPlayback.WESPPlaybackCtrl.1
- WESPSerialPort.WESPSerialPortCtrl.1
- Web 攝影機伺服器音訊:
- WebEyeAudio.OCX
- WinRDS:
- WESPPlayback.WESPPlaybackCtrl.1
據報告,這些控制項受多個緩衝區溢位影響,而允許攻擊者執行任意程式碼。
解決方案
停用違規 ActiveX 控制項或解除安裝提供控制項的軟體。另請參閱
https://www.zerodayinitiative.com/advisories/ZDI-15-054/
https://www.zerodayinitiative.com/advisories/ZDI-15-055/
https://www.zerodayinitiative.com/advisories/ZDI-15-056/
https://www.zerodayinitiative.com/advisories/ZDI-15-057/
https://www.zerodayinitiative.com/advisories/ZDI-15-058/
https://www.zerodayinitiative.com/advisories/ZDI-15-059/
https://www.zerodayinitiative.com/advisories/ZDI-15-060/
https://www.zerodayinitiative.com/advisories/ZDI-15-061/
https://www.zerodayinitiative.com/advisories/ZDI-15-062/
https://www.zerodayinitiative.com/advisories/ZDI-15-063/
https://www.zerodayinitiative.com/advisories/ZDI-15-064/
https://www.zerodayinitiative.com/advisories/ZDI-15-065/
https://www.zerodayinitiative.com/advisories/ZDI-15-066/
https://www.zerodayinitiative.com/advisories/ZDI-15-067/
https://www.zerodayinitiative.com/advisories/ZDI-15-068/
https://www.zerodayinitiative.com/advisories/ZDI-15-069/
https://www.zerodayinitiative.com/advisories/ZDI-15-070/
https://www.zerodayinitiative.com/advisories/ZDI-15-071/
https://www.zerodayinitiative.com/advisories/ZDI-15-072/
Plugin 詳細資訊
嚴重性: High
ID: 81702
檔案名稱: webgate_activex_multiple_buffer_overflows.nasl
版本: 1.9
類型: local
代理程式: windows
系列: Windows
已發布: 2015/3/9
已更新: 2022/4/11
組態: 啟用徹底檢查
支援的感應器: Nessus Agent, Nessus
風險資訊
VPR
風險因素: High
分數: 7.4
CVSS v2
風險因素: High
基本分數: 7.5
時間分數: 6.2
媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 評分資料來源: CVE-2015-2097
弱點資訊
CPE: x-cpe:/a:webgateinc:control_center, cpe:/a:webgateinc:edvr_manager, cpe:/a:webgateinc:webeyeaudio, cpe:/a:webgateinc:winrds
必要的 KB 項目: SMB/Registry/Enumerated
可被惡意程式利用: true
可輕鬆利用: Exploits are available
弱點發布日期: 2015/2/27
可惡意利用
Core Impact
參考資訊
CVE: CVE-2015-2093, CVE-2015-2094, CVE-2015-2095, CVE-2015-2096, CVE-2015-2097, CVE-2015-2098, CVE-2015-2099, CVE-2015-2100