Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system.
In 2009, Consona acquired SupportSoft's enterprise software assets, including web-based assistance software called Intelligent Assistance Suite (IAS). IAS client components are delivered via ActiveX controls, Netscape-style plugins, or standalone installers. IAS runs on Microsoft Windows platforms. Consona products affected by these vulnerabilities include Consona Live Assistance, Consona Dynamic Agent, Consona Subscriber Assistance, Repair Manager, Consona Subscriber Activiation, and Subscriber Agent.
IAS contains vulnerabilities in different components.
Further details are available in Rubén Santamarta's slides from Rooted CON 2010.
By convincing a user to view a specially crafted HTML document (web page, HTML email message), an attacker could execute arbitrary code with the privileges of the user, and possibly gain SYSTEM privileges via the Repair Service.
Notified: March 26, 2010 Updated: May 18, 2010
Statement Date: April 06, 2010
We have not received a statement from the vendor.
Please see the April 2010 Security Bulletin.
This information is based on research by Rubén Santamarta. Thanks to Rubén and Consona for following responsible vulnerability disclosure practices.
This document was written by Art Manion.
|Date First Published:||2010-05-06|
|Date Last Updated:||2010-05-18 20:02 UTC|