Intrusion Prevention

Nessus.Scanner.ActiveX.addsetConfig.Command.Execution

Description

This indicates a vulnerability in Nessus Vulnerability Scanner. The vulnerability is caused by an error in the "addsetConfig()" method within the scan.dll ActiveX control. It allows remote attackers to execute arbitrary code by invoking the addsetConfig method with malicious input.

Affected Products

Nessus Vulnerability Scanner version 3.0.6 and prior.

Impact

System compromise, remote code execution.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2007-4061