LDRA Software Technology Affected

Notified:  March 09, 2009 Updated: August 12, 2016

Status

Affected

Vendor Statement

The LDRA TBbrowse component uses the Microsoft Internet Explorer HTML framework to implement an HTML report viewer. The IntraLaunch.ocx control allows these reports to include active links to other reports. The use of IntraLaunch is optional, and the user is asked to confirm their wish to include it as part of the installation. As of LDRA 9.45 the ActiveX control can be disabled without loss of report functionality. As of LDRA 9.57, the IntraLaunch ActiveX control is no longer provided.

Vendor Information

Disabling IntraLaunch via the “kill-bit” is not a viable option if a user wishes to make use of the intra-report links displayed within TBbrowse. However, given the vulnerability noted in VU#908801 it is still advisable to take appropriate security measures: Disable the use of ActiveX controls in the Internet Zone or ensure that any affected machine does not have access to the internet (e.g. via firewall settings). Ensure that any affected machine does not have access to any other untrusted network that may be used as an attack vector.

Particle Software Affected

Notified:  February 13, 2009 Updated: August 12, 2016

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

There is no real security problem here at all. Its the nature of the program, everyone is aware of it and its all public. If they don't want it they just uninstall (http://www.particlesoftware.com/en/uninstall.html) it.