IBiz E-Banking Integrator ActiveX控件WriteOFXDataFile()不安全调用漏洞

BUGTRAQ ID: 28700 IBiz E-Banking Integrator是用于从银行、投资公司等帐号访问财务交易信息的解决方案。 IBiz E-Banking Integrator所提供的IBizEBank.FIProfile.1 ActiveX控件（fiprofile20.ocx）没有正确地处理对WriteOFXDataFile方式的调用，如果用户受骗访问了恶意网页的话，就可能导致以当前登录用户的权限覆盖和破坏系统上的任意文件。 /n software IBiz E-Banking Integrator 2.0 /n software -----------...

Design/Logic Flaw

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator formerly IBiz OFX Integrator 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details a...

CVE-2008-1725

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator formerly IBiz OFX Integrator 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details a...

CVE-2008-1725

The CVE-2008-1725 entry concerns the IBiz E-Banking Integrator’s ActiveX control (IBizEBank.FIProfile.1) in fiprofile20.ocx, version 2.0.2932. The vulnerability arises from the unsafe WriteOFXDataFile method, which allows a remote attacker to overwrite arbitrary files by passing a full pathname a...