CVE-2008-5404

Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable...

FlexCell Grid ActiveX控件任意文件覆盖漏洞

BUGTRAQ ID: 32443 FlexCell Grid ActiveX控件是一款表格控制工具，提供拷贝、拷贝预览、图表、合并单元格等全面功能。 FlexCell Grid ActiveX控件（FlexCell.ocx）没有正确地验证对HttpDownloadFile方式的输入参数，如果远程攻击者受骗访问了恶意网站并向该方式传送了特制参数的话，就可能导致以当前登录用户的权限覆盖任意系统文件。 FlexCell Technologies FlexCell Grid ActiveX 5.7.0.1 FlexCell Technologies ---------------------...