Description: The remote host has KeyWorks KeyHelp ActiveX control installed, which is affected by multiple vulnerabilities
- Multiple stack-based buffer overflows exist that could allow an
attacker to execute arbitrary code. (CVE-2012-2515)
- An unspecified command injection vulnerability. (CVE-2012-2516)
KEYHELP.OCX is a part of the PSQL 12 install and is not harmful. It is also, however, a non-essential control with respect to the Pervasive engine.
See:
https://supportactian.secure.force.com/help/articles/Technical_Document/Keyhelp-ocx-reported-as-a-security-vulnerability-by-security-analyzer-utilities
https://supportactian.secure.force.com/help/articles/Bug_Document/Actian-Security-Vulnerabilities-NoticePSQL/
Note that Actian recommends the removal of this control (which is only used when running the Pervasive System Analyzer aka PSA tool). It will not be shipping with future updates to the v12 engine starting with service pack 1, i.e. 12.10.
For users with older installations of version 12 (i.e prior to 12.10), the instructions in the second link above is repeated below:
You can prevent the installation of this file by using the 'Custom' Setup Type option, and changing the installation option for the optional utility to 'This feature will not be available' during the installation. Alternatively, it can be removed from an existing PSQL installations by modifying the installation to remove the optional utility by selecting 'Uninstall/Change' from Programs and Features, selecting the default 'Modify' option and removing the utility from the installation.