|CVSS SCORE|7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION|TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 13937. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the AnnotationX.AnnList.1 ActiveX control included with the software. An attacker can use an unvalidated object parameter in the Insert() function to execute arbitrary code in the context of the browser.
05/05/2014 - ZDI request for vulnerability contact with vendor
-- Vendor Response:
Agilent Technologies states:
Agilent recently released a software patch with Windows installers to address exposure to potential execution of the arbitrary code associated with Internet Explorer while ActiveX is activated. All Feature Extraction users (Version 12 or older) are strongly encouraged to execute the fix described below for protection against a potential malicious web page visited with Internet Explorer.