Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows >> wodSFTP ActiveX File Access Vulnerability

Vulnerability Assessment Details

wodSFTP ActiveX File Access Vulnerability
Vulnerability Assessment Summary
Checks for the wodSFTP ActiveX control

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows host has an ActiveX control that permits arbitrary
access to the filesystem.

Description :

The Windows remote host contains the wodSFTP ActiveX control, which
provides SFTP functionality to applications that use it and is marked
as 'safe for scripting'. A remote attacker may be able to use this
control to store files on the remote filesystem or retrieve files from
it by means of a specially-crafted HTML page or email and without any
further interaction from the user.

See also :

http://www.kb.cert.org/vuls/id/378604

Solution :

Disable the use of this ActiveX control from within Internet Explorer
by setting its 'kill' bit.

Network Security Threat Level:

Low / CVSS Base Score : 3.7
(AV:R/AC:H/Au:NR/C:P/I:P/A:N/B:N)

Networks Security ID: 18192

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
Cables, Connectors


Dell PowerEdge R630 8SFF 2.6Ghz 20-Core 128GB Mem 2x10G+2x1G NIC 2x750W PSU picture

Dell PowerEdge R630 8SFF 2.6Ghz 20-Core 128GB Mem 2x10G+2x1G NIC 2x750W PSU

$399.04


Dell Poweredge R640 Server | 2x Xeon Gold 6132 | 128GB | H730P | 8x HDD Trays picture

Dell Poweredge R640 Server | 2x Xeon Gold 6132 | 128GB | H730P | 8x HDD Trays

$1849.00


Dell Poweredge R640 Server | 2x Silver 4114 20 Cores | 96GB | 8x 1.8TB Dell SAS picture

Dell Poweredge R640 Server | 2x Silver 4114 20 Cores | 96GB | 8x 1.8TB Dell SAS

$2749.99


Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7 picture

Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7

$17.99


Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU picture

Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU

$44.99


HP Z4G4 Intel Xeon W2133-3.6 GHz, 256 NVME, 6TB HDD, 32GB RAM P620 NO OS picture

HP Z4G4 Intel Xeon W2133-3.6 GHz, 256 NVME, 6TB HDD, 32GB RAM P620 NO OS

$265.00


Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1 picture

Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1

$39.99


Dell Precision T5600/t5610 Xeon E5-2670 2.6Ghz 16GB DDR3 RAM NO HDD Nvidia picture

Dell Precision T5600/t5610 Xeon E5-2670 2.6Ghz 16GB DDR3 RAM NO HDD Nvidia

$85.50


DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45 picture

DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45

$274.00


Discussions

No Discussions have been posted on this vulnerability.