Lucene search

[email protected]CVE-2007-4902

HistorySep 17, 2007 - 4:17 p.m.

CVE-2007-4902

2007-09-1716:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-4902

absolute path traversal

activex control

cryptox.dll

ultra crypto component

remote attackers

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.188 Low

EPSS

Percentile

96.3%

JSON

Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.

Affected configurations

NVD

Node

ultra_sharewareultra_crypto_componentMatch2.0.2007.801

CPENameOperatorVersion
ultra_shareware:ultra_crypto_componentultra shareware ultra crypto componenteq2.0.2007.801

CPE	Name	Operator	Version
ultra_shareware:ultra_crypto_component	ultra shareware ultra crypto component	eq	2.0.2007.801

References

osvdb.org/38982

www.securityfocus.com/bid/25611

www.securitytracker.com/id?1018675

exchange.xforce.ibmcloud.com/vulnerabilities/36522

www.exploit-db.com/exploits/4388

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.188 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-4902

cvelist1 checkpoint_advisories1 prion1 nvd1