PT-2009-3119 · Synactis · Synactis All In-The-Box Activex

Published: 2009-02-06 · Updated: 2017-09-29 · CVE-2009-0465

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Synactis ALL In-The-Box ActiveX version 3

Description: The SaveDoc method in the All In The Box.AllBox ActiveX control allows remote attackers to create and overwrite arbitrary files. An argument that ends in a '\0' character bypasses the intended .box filename extension. For example, an argument such as 'C:\boot.ini\0' can be used to exploit this issue.

Recommendations: For Synactis ALL In-The-Box ActiveX version 3, consider restricting access to the SaveDoc method in the All In The Box.AllBox ActiveX control until a patch is available. As a temporary workaround, avoid using arguments that end in a '\0' character to minimize the risk of exploitation.
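
The extension bypass described above, as an added example (not Synactis code; the control's implementation is not shown on this page). It assumes the argument arrives length-counted and is later handed to a C-string file API; all function names and the sample file name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define EXT ".box"

/* Naive pattern: append the extension to a length-counted argument.
   Returns bytes written (without terminator), or -1 if out is too small. */
int naive_build(const char *arg, size_t arg_len, char *out, size_t out_sz)
{
    size_t ext_len = strlen(EXT);
    if (arg_len + ext_len + 1 > out_sz)
        return -1;
    memcpy(out, arg, arg_len);
    memcpy(out + arg_len, EXT, ext_len + 1); /* copies EXT and its NUL */
    return (int)(arg_len + ext_len);
}

/* Hardened pattern: reject empty arguments and any embedded NUL byte
   before the extension is appended. */
int checked_build(const char *arg, size_t arg_len, char *out, size_t out_sz)
{
    if (arg_len == 0 || memchr(arg, '\0', arg_len) != NULL)
        return -1;
    return naive_build(arg, arg_len, out, out_sz);
}

/* What a C-string file API sees: the path stops at the first NUL. */
int ends_with_ext(const char *path)
{
    size_t n = strlen(path), e = strlen(EXT);
    return n >= e && strcmp(path + n - e, EXT) == 0;
}

int main(void)
{
    /* Constructed sample: 9 visible characters plus one trailing NUL. */
    const char arg[] = "notes.txt\0";
    size_t arg_len = sizeof(arg) - 2; /* drop only the implicit terminator */
    char out[64];

    if (naive_build(arg, arg_len, out, sizeof out) > 0)
        printf("naive:   \"%s\" keeps .box? %d\n", out, ends_with_ext(out));
    printf("checked: %d\n", checked_build(arg, arg_len, out, sizeof out));
    return 0;
}
```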

Exploit

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2009-0465

Affected products

Synactis All In-The-Box Activex