PT-2009-4215 · Pinnacle Systems · Installhfz.Exe+2

Nine:Situations:Group · Published 2009-05-21 · Updated 2018-10-10 · CVE-2009-1743

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Pinnacle Studio 12 version 6.5.201.0
Description: A directory traversal issue exists, allowing remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. This can potentially be leveraged for code execution by decompressing a file to a Startup folder.
Recommendations: For version 6.5.201.0, consider restricting access to the InstallHFZ.exe module to minimize the risk of exploitation. As a temporary workaround, avoid using the Hollywood FX Compressed Archive (.hfz) file format until a patch is available.

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2009-1743

Affected products

Hollywood Fx
Installhfz.Exe
Pinnacle Studio