Vulnerability CVE-2007-5320
Published: 2007-10-09   Modified: 2012-02-12

Description:
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
4.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Pegasus imaging -> Imagxpress 

 References:
http://www.vupen.com/english/advisories/2007/3388
http://www.securityfocus.com/bid/25949
http://www.securityfocus.com/bid/25948
http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
http://secunia.com/advisories/27095
http://osvdb.org/37960
http://osvdb.org/37959
http://xforce.iss.net/xforce/xfdb/37012
Copyright 2024, cxsecurity.com

 

Back to Top