CVE-2007-4982

Name of the Vulnerable Software and Affected Versions MW6 Technologies QRCode ActiveX versions 3.0.0.1 and earlier

Description The issue allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method of the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll.

Recommendations For versions 3.0.0.1 and earlier, consider disabling the SaveAsBMP and SaveAsWMF methods until a patch is available to prevent exploitation. Restrict access to the MW6QRCode.dll to minimize the risk of arbitrary file creation or overwrite. At the moment, there is no information about a newer version that contains a fix for this vulnerability.