Lucene search

[email protected]CVE-2011-5291

HistoryJan 01, 2015 - 2:59 a.m.

CVE-2011-5291

2015-01-0102:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-5291

savedata method

cygnicon.viewcontrol.1

cyviewer.ocx

ashampoo 3d cad professional

arbitrary file write

remote attack

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

64.3%

JSON

The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument.

CPENameOperatorVersion
ashampoo_gmbh_\&_co.:ashampoo_3d_cad_professional_3ashampoo gmbh \& co. ashampoo 3d cad professional 3eq3.0.1
ashampoo_gmbh_\&_co.:ashampoo_3d_cad_professional_3ashampoo gmbh \& co. ashampoo 3d cad professional 3eq3.0

CPE	Name	Operator	Version
ashampoo_gmbh_\&_co.:ashampoo_3d_cad_professional_3	ashampoo gmbh \& co. ashampoo 3d cad professional 3	eq	3.0.1
ashampoo_gmbh_\&_co.:ashampoo_3d_cad_professional_3	ashampoo gmbh \& co. ashampoo 3d cad professional 3	eq	3.0

References

www.htbridge.com/advisory/HTB23019

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

64.3%

JSON

Related for CVE-2011-5291

prion1 cvelist1