1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Friendly Tech ActiveX Info Disc

HTTP Friendly Tech ActiveX Info Disc

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an information-disclosure vulnerability in the Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control.

Additional Information

Friendly Technologies provides tools to facilitate network connectivity between Internet Service Providers and their customers.

Friendly Technologies 'fwRemoteCfg.dll' ActiveX control is prone to a vulnerability that lets attackers read arbitrary local files.

This issue affects the 'GetTextFile()' method of the 'fwRemoteCfg.dll' ActiveX control. This control is identified by CLSID:

F4A06697-C0E7-4BB6-8C3B-E01016A4408B

Successfully exploiting this issue allows remote attackers to obtain sensitive information that may aid in further attacks.

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube