CVE-2007-3459

Name of the Vulnerable Software and Affected Versions Avax Vector version 1.3

Description The issue concerns a certain ActiveX control in Avaxswf.dll that allows remote attackers to create or overwrite arbitrary files. This is achieved by providing a full pathname in the argument to the WriteMovie method.

Recommendations For Avax Vector version 1.3, consider restricting access to the WriteMovie method until a patch is available. As a temporary workaround, avoid using the WriteMovie method with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.