CVE-2008-2015

Name of the Vulnerable Software and Affected Versions WatchFire AppScan version 7.0

Description The issue allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. This can be leveraged for code execution by writing to a Startup folder.

Recommendations For WatchFire AppScan version 7.0, consider disabling the CompactSave, SaveSession, and saveRecordedExploreToFile methods as a temporary workaround until a patch is available. Restrict access to the affected ActiveX controls to minimize the risk of exploitation. Avoid using the affected methods in the ActiveX controls until the issue is resolved.