Acunetix Web Vulnerability Scanner GUI Html Script Injection Exploit

Acunetix Web Vulnerability Scanner 10.0 build 20160216 and previous versions, allows remote attackers to execute arbitrary JavaScript code in the context of the scanner GUI. The flaw exists in the way Acunetix WVS render some html elements inside it's GUI, using jscript.dll without any concern about unsafe ActiveX object such as WScript.shell. This module also abuses of a second vulnerability affecting the Acunetix Web Vulnerability Scanner Scheduler to gain SYSTEM privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-74978
Product Version: 
2016_R1
Released Date: 
Wednesday, June 15, 2016 - 00:00