US-CERT Vulnerability Notes Database

LDRA Software Technology Information for VU#908801

Date Notified: 2009-03-09
Date Updated: 2009-04-06
Statement Date:
Status Summary: Vulnerable

Vendor Statement

The LDRA TBbrowse component uses the Microsoft Internet Explorer HTML framework to implement an HTML report viewer. The IntraLaunch.ocx control allows these reports to include active links to other reports.

The use of IntraLaunch is optional, and the user is asked to confirm their wish to include it as part of the installation.

Vendor Information

Disabling IntraLaunch via the “kill-bit” is not a viable option if a user wishes to make use of the intra-report links displayed within TBbrowse.

However, given the vulnerability noted in VU#908801 it is still advisable to take appropriate security measures:
  1. Disable the use of ActiveX controls in the Internet Zone or ensure that any affected machine does not have access to the internet (e.g. via firewall settings).
  2. Ensure that any affected machine does not have access to any other untrusted network that may be used as an attack vector.
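
One way to audit measure 1 and the kill-bit state on a Windows host, as an added example that is not part of the vendor's statement or US-CERT's text. It assumes the standard Internet Explorer zone and ActiveX Compatibility registry locations; the CLSID is a placeholder because the page does not give the IntraLaunch.ocx class ID, and the function names are hypothetical.

```powershell
# Added example: report Internet Zone ActiveX settings and kill-bit state (read-only).
# Placeholder: the page does not list the IntraLaunch.ocx CLSID; take it from your install.
$Clsid = '{00000000-0000-0000-0000-000000000000}'

# The Internet Zone is zone 3; settings can live in policy or preference keys.
$ZoneRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
$Actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled'; 65536 = 'Administrator approved' }

function Get-ZoneActiveXState {
    foreach ($root in $ZoneRoots) {
        foreach ($id in $Actions.Keys) {
            $v = (Get-ItemProperty -Path $root -Name $id -ErrorAction SilentlyContinue).$id
            $setting = if ($null -eq $v) { 'not set' }
                       elseif ($Meaning.ContainsKey([int]$v)) { $Meaning[[int]$v] }
                       else { '0x{0:X}' -f $v }
            [pscustomobject]@{ Location = $root; Action = $Actions[$id]; Setting = $setting; Disabled = ($v -eq 3) }
        }
    }
}

function Get-KillBitState([string]$Clsid) {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($r in $roots) {
        $key   = Join-Path $r $Clsid
        $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        # Bit 0x400 in "Compatibility Flags" is the kill bit.
        [pscustomobject]@{ Location = $key; KillBitSet = [bool]($flags -band 0x400) }
    }
}

Get-ZoneActiveXState | Format-Table -AutoSize
Get-KillBitState $Clsid | Format-Table -AutoSize
```

The script lists every location where a value is set rather than computing the effective setting, so a host where no location reports `Disabled` for the listed actions still needs the network isolation described in measures 1 and 2.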

Addendum

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2009 by US-CERT, a government organization