Intrusion Prevention

Nessus.Vulnerability.Scanner.ActiveX.Control.File.Deletion

Description

This indicates a vulnerability in Nessus Vulnerability Scanner. The vulnerability is caused by an error in the "deleteReport()" method within the scan.dll ActiveX control. It allows remote attackers to delete arbitrary files by invoking the deleteReport method with a specific file path.

Affected Products

Nessus Vulnerability Scanner version 3.0.6 and prior.

Impact

System compromise, arbitrary file deletion.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2007-4031