PT-2002-2408 · Badblue+2 · Badblue Personal Edition+3

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1684

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Deerfield D2Gfx version 1.0.2
BadBlue Enterprise Edition versions 1.5.x
BadBlue Personal Edition version 1.5.6

Description

A directory traversal issue allows remote attackers to read arbitrary files by using a ../ (dot dot slash) in the script used to read Microsoft Office documents.

Recommendations

For Deerfield D2Gfx version 1.0.2, update the script used to read Microsoft Office documents to properly handle ../ (dot dot slash) sequences.

For BadBlue Enterprise Edition versions 1.5.x, restrict access to the script used to read Microsoft Office documents until a proper fix is applied.

For BadBlue Personal Edition version 1.5.6, consider disabling the functionality to read Microsoft Office documents via the vulnerable script until an update is available.


Related identifiers

CVE-2002-1684

Affected products

Badblue Enterprise Edition
Badblue Personal Edition
Deerfield D2Gfx
Office