Lucene search

[email protected]CVE-2007-4983

HistorySep 19, 2007 - 7:17 p.m.

CVE-2007-4983

2007-09-1919:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-4983

directory traversal

vulnerability

activex control

jetaudio

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.18 Low

EPSS

Percentile

96.2%

JSON

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a …\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.

CPENameOperatorVersion
cowon_america:jetaudiocowon america jetaudioeq7.0.3.3016
cowon_america:jetaudiocowon america jetaudioeq7.0.3_basic

CPE	Name	Operator	Version
cowon_america:jetaudio	cowon america jetaudio	eq	7.0.3.3016
cowon_america:jetaudio	cowon america jetaudio	eq	7.0.3_basic

References

osvdb.org/37737

secunia.com/advisories/26787

www.securityfocus.com/bid/25723

www.securitytracker.com/id?1018716

www.vupen.com/english/advisories/2007/3196

exchange.xforce.ibmcloud.com/vulnerabilities/36693

www.exploit-db.com/exploits/4427

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.18 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2007-4983

d21 cvelist1 prion1