Honeywell EBI TEMA Remote Installer ActiveX Control Arbitrary File Download Vulnerability

Honeywell EBI is prone to a vulnerability that exists in the TEMA installer and can allow malicious files to be downloaded and saved to arbitrary locations on an affected computer.

Successful exploits will allow attackers to download a malicious file onto a victims computer and execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer).

This issue affects the following versions of EBI and corresponding versions of TEMA:

EBI R310.1 - TEMA 4.8
EBI R310.1 - TEMA 4.9
EBI R310.1 - TEMA 4.10
EBI R400.2 SP1 - TEMA 5.2
EBI R410.1 - TEMA 5.3.0
EBI R410.2 - TEMA 5.3.1.


Privacy Statement
Copyright 2010, SecurityFocus