You are here

U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

April 16, 2012 - 7:00am

Addthis

PROBLEM:

A vulnerability has been reported in ActiveScriptRuby, which can be exploited by malicious people to potentially compromise a user's system.

PLATFORM:

Version(s): 1.2.2.0 and prior

ABSTRACT:

The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

reference LINKS:

Secunia Advisory 48811
CVE-2012-1241

IMPACT ASSESSMENT:

High

Discussion:

ActiveScriptRuby is a software to implement Ruby into a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed on the web browser that can execute ActiveX controls when HTML is displayed.

Impact:

System access from remote

Solution:

The vendor has issued a patch.

Addthis