vendor:
Nessus Vulnerability Scanner
by:
Krystian Kloskowski (h07)
7.5
CVSS
HIGH
ActiveX Remote Delete File Exploit
20
CWE
Product Name: Nessus Vulnerability Scanner
Affected Version From: Nessus 3.0.6
Affected Version To: Nessus 3.0.6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Internet Explorer 6 on Windows XP SP2 (Polish)
2007
Nessus Vulnerability Scanner 3.0.6 ActiveX deleteReport() 0day Remote Delete File Exploit
This exploit targets the deleteReport() function in the Nessus Vulnerability Scanner 3.0.6 ActiveX control. By passing a relative path to the deleteReport() function, an attacker can delete arbitrary files on the system. The exploit was discovered by Krystian Kloskowski (h07) and has been tested on Nessus 3.0.6 running on Internet Explorer 6 on Windows XP SP2 (Polish). This exploit is provided for demonstration purposes only.
Mitigation:
The vendor should release a patch to fix this vulnerability.