PT-2007-5744 · Acti · Acti Network Video Recorder
Shinnai · Published 2007-08-29 · Updated 2017-09-29
CVE-2007-4583
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ACTi Network Video Recorder (NVR) SP2 version 2.0
Description
The issue concerns absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control. Remote attackers can create or overwrite arbitrary files by providing a full pathname in the first argument to the SaveXMLFile method, or delete arbitrary files by providing a full pathname in the argument to the DeleteXMLFile method.
Recommendations
For ACTi Network Video Recorder (NVR) SP2 version 2.0, consider restricting access to the SaveXMLFile and DeleteXMLFile methods until a patch is available. As a temporary workaround, avoid using the SaveXMLFile and DeleteXMLFile methods with untrusted input to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Acti Network Video Recorder