[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nessus Client Insecure Library Loading Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Nessus Client Insecure Library Loading Vulnerability
From: Renaud Deraison <deraison@xxxxxxxxxx>
Date: Wed, 27 Oct 2010 13:23:39 -0400

Nessus 4.2.0 and newer versions are not affected (as there's no fat client any 
more). So, technically, this was patched last year.


-rd


On Oct 27, 2010, at 9:48 AM, apa-iutcert@xxxxxxx wrote:

> A vulnerability has been discovered in Nessus Client ,which can be exploited 
> by malicious people to compromise a user's system.
> The vulnerability is caused due to the application loading libraries in an 
> insecure manner.
> Libraries list called is as follows:
>      Wintab32.dll
> This can be exploited to load arbitrary libraries by tricking a user into 
> e.g. opening a HTML file located on a remote WebDAV or SMB share.
> Successful exploitation allows execution of arbitrary code.
> The vulnerability is confirmed in Nessus Client version 4.0.2  for Microsoft 
> Windows XP Service Pack 3. Other versions may also be affected.
>

References:
- Nessus Client Insecure Library Loading Vulnerability
  - From: apa-iutcert

Prev by Date: MyCart 2.0 Multiple Remote Vulnerabilities
Next by Date: Path disclosure in MyBB
Previous by thread: Nessus Client Insecure Library Loading Vulnerability
Next by thread: Orbit Downloader Insecure Library Loading Vulnerability
Index(es):
- Date
- Thread