Vendor: Command On Demand Online scanner
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Command On Demand Online scanner
Affected Version From: 1.4.9508.605
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:authentium:command_on_demand_css_web_installer_activex:1.4.9508.605
Platforms Tested: Unknown
Buffer Overflow Vulnerabilities in CSS Web Installer ActiveX Control
The CSS Web Installer ActiveX control in Authentium Command On Demand Online scanner is prone to multiple buffer-overflow vulnerabilities. An attacker can exploit these issues by enticing a victim to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
Mitigation:
No vendor patches are expected to be released as the vendor no longer supports this product. It is recommended to remove or disable the Command On Demand CSS Web Installer ActiveX control.
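
One way to disable the control in Internet Explorer is to set its kill bit in the registry. The script below is an added example, not part of the original advisory or any vendor tooling; the CLSID is a placeholder because the advisory does not list the control's CLSID, and the parameter names are chosen for illustration.

```powershell
# Added example: report and optionally set the IE kill bit for one ActiveX control.
# ASSUMPTION: the default CLSID is a placeholder. Look up the real CLSID of the
# CSS Web Installer control on an affected host and pass it with -Clsid.
# Run from an elevated prompt; writes go to HKLM.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',  # placeholder
    [switch]$Apply   # without -Apply the script only reports current state
)

$KillBit = 0x00000400   # "Compatibility Flags" bit that blocks instantiation in IE
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
}
if ($Clsid -eq '{00000000-0000-0000-0000-000000000000}') {
    throw 'Replace the placeholder CLSID with the real CLSID of the control.'
}

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # Wow6432Node is absent on 32-bit Windows
    $key = Join-Path $root $Clsid
    $current = 0
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $current = [int]$prop.'Compatibility Flags' }
    }
    $isSet = ($current -band $KillBit) -ne 0
    Write-Output ("{0}: flags=0x{1:X8} killbit={2}" -f $key, $current, $isSet)

    if ($Apply -and -not $isSet) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any other compatibility flags already present on the key
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord -Value ($current -bor $KillBit)
        Write-Output '  kill bit set'
    }
}
```

Both registry views are checked because a 32-bit Internet Explorer process on 64-bit Windows reads the Wow6432Node copy.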