Lucene search

[email protected]CVE-2008-5404

HistoryDec 10, 2008 - 6:44 a.m.

CVE-2008-5404

2008-12-1006:44:42

[email protected]

web.nvd.nist.gov

cve-2008-5404

insecure method

flexcell.grid

activex control

flexcell.ocx

code execution

remote attackers

file overwrite

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

grid2000flexcell_grid_controlMatch5.7.0.1

CPENameOperatorVersion
grid2000:flexcell_grid_controlgrid2000 flexcell grid controleq5.7.0.1

CPE	Name	Operator	Version
grid2000:flexcell_grid_control	grid2000 flexcell grid control	eq	5.7.0.1

References

secunia.com/advisories/32829

www.securityfocus.com/bid/32443

exchange.xforce.ibmcloud.com/vulnerabilities/46809

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2008-5404

openvas2 prion1 nvd1 cvelist1