BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Quest vWorkspace “pnllmcli.dll” ActiveX Arbitrary Overwrite Vulnerability

Disclosed April 5, 2012    Workaround Available

Vulnerability Description:

Quest vWorkspace contains an ActiveX control that allows for arbitrary file-overwrites. If successfully leveraged, an attacker may be able to overwrite arbitrary files on a vulnerable system.

Vendors:

Quest Software (Dell)

Vulnerable Software/Devices:

  • Quest vWorkspace 7.5

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 16190 - Quest vWorkspace ActiveX Vulnerability (Zero-Day)

Mitigation:

Set the kill-bit for the vulnerable ActiveX control: D9397163-A2DB-4A4A-B2C9-34E876AF2DFC.

Links:

CVE(s):

None

Leave a Reply