PT-2007-5266 · Tenable · Nessus Vulnerability Scanner+2

H07

Published

2007-07-30

Updated

2017-09-29

CVE-2007-4061

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Nessus Vulnerability Scanner version 3.0.6

Description: The issue allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method. This is possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. It can be leveraged for code execution by writing to a Startup folder.

Recommendations: For Nessus Vulnerability Scanner version 3.0.6, consider disabling the saveNessusRC method or restricting access to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll to minimize the risk of exploitation. Avoid using the addsetConfig method with untrusted input until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4061

Affected Products

Nessus

Nessus Activex Control

Nessus Vulnerability Scanner

PT-2007-5266 · Tenable · Nessus Vulnerability Scanner+2

CVE-2007-4061

Related Identifiers

Affected Products

References · 9