Lucene search

[email protected]CVE-2009-0465

HistoryFeb 10, 2009 - 7:00 a.m.

CVE-2009-0465

2009-02-1007:00:24

CWE-20

[email protected]

web.nvd.nist.gov

cve

2009

0465

savedoc

all_in_the_box

allbox

activex

remote attackers

arbitrary files

synactis

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a ‘\0’ character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

Affected configurations

NVD

Node

synactisall_in_the_box.ocxMatch3

CPENameOperatorVersion
synactis:all_in_the_box.ocxsynactis all in the box.ocxeq3

CPE	Name	Operator	Version
synactis:all_in_the_box.ocx	synactis all in the box.ocx	eq	3

References

osvdb.org/51693

secunia.com/advisories/33728

www.dsecrg.com/pages/vul/show.php?id=62

www.securityfocus.com/bid/33535

www.vupen.com/english/advisories/2009/0298

www.exploit-db.com/exploits/7928

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2009-0465

openvas2 nvd1 cvelist1 prion1