Lucene search

[email protected]CVE-2011-5292

HistoryJan 01, 2015 - 2:59 a.m.

CVE-2011-5292

2015-01-0102:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-5292

easeweftp

ftplibrary

activex control

easewe ftp ocx

security vulnerability

remote code execution

unauthorized access

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%

JSON

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

CPENameOperatorVersion
easewe_software:easewe_ftp_ocx_activex_controleasewe software easewe ftp ocx activex controleq4.5.0.9

CPE	Name	Operator	Version
easewe_software:easewe_ftp_ocx_activex_control	easewe software easewe ftp ocx activex control	eq	4.5.0.9

References

www.htbridge.com/advisory/HTB23015

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for CVE-2011-5292

prion1 cvelist1