CVE-2007-2266

Name of the Vulnerable Software and Affected Versions Progress Webspeed Messenger (affected versions not specified)

Description The issue allows remote attackers to read, create, modify, and execute arbitrary files. This can be achieved by invoking webutil/ cpyfile.p in the WService parameter to either cgiip.exe or wsisa.dll in scripts/. An example of exploitation includes using the save and editor options to create a new file using the fileName parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.