CVE-2007-4982

Sažetak

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/37914
http://osvdb.org/37915
http://secunia.com/advisories/26836
http://www.securityfocus.com/bid/25702
http://www.shinnai.altervista.org/exploits/OREurGhGgAtlCT8J2jSY.html
http://www.vupen.com/english/advisories/2007/3195
https://exchange.xforce.ibmcloud.com/vulnerabilities/36666
https://www.exploit-db.com/exploits/4420

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:29

Objavljeno

19-09-2007 - 18:17