CVE-2010-1913

Name of the Vulnerable Software and Affected Versions Consona Live Assistance, Dynamic Agent, and Subscriber Assistance (affected versions not specified)

Description The issue concerns the default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll. This configuration contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons. As a result, remote attackers can bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.