Lucene search

[email protected]CVE-2007-3982

HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3982

2007-07-2517:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3982

absolute path traversal

data dynamics

activereport

activex control

actrpt2.dll

remote attackers

arbitrary files

savelayout method

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

83.0%

JSON

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.

CPENameOperatorVersion
datadynamics:activereportsdatadynamics activereportsle2.5

CPE	Name	Operator	Version
datadynamics:activereports	datadynamics activereports	le	2.5

References

osvdb.org/37694

secunia.com/advisories/26112

www.securityfocus.com/bid/24994

www.vupen.com/english/advisories/2007/2606

exchange.xforce.ibmcloud.com/vulnerabilities/35539

www.exploit-db.com/exploits/4208

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2007-3982

prion1 cvelist1