1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Zenturi Prgchk AX Nav URL File Exec

HTTP Zenturi Prgchk AX Nav URL File Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file execution vulnerability by passing specially crafted arguments into a method of Zenturi ProgramChecker ActiveX control.

Additional Information

Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows.

Zenturi ProgramChecker ActiveX control is prone to a vulnerability that may permit an attacker to execute an arbitrary file on the victim's computer. This issue occurs because the application fails to properly sanitize user-supplied input.

An attacker can use the 'NavigateURL()' method to execute an arbitrary file already present on the victim's computer. The attacker could exploit this issue along with the issue discussed in BID 24377 (Zenturi ProgramChecker ActiveX Control Arbitrary File Deletion/Overwrite Vulnerability), for example, to execute arbitrary attacker-supplied code. This issue affects the ActiveX control with the CLSID of: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5}

Attackers can exploit this issue to execute an arbitrary file on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Combined with other vulnerabilities, this could aid in the remote compromise of an affected computer.

Affected

  • Zenturi Zenturi ProgramChecker ActiveX Control
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube