PT-2000-1701 · O'Reilly · O'Reilly Website Pro

Published

2000-10-20

Updated

2016-10-18

CVE-2000-0769

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions O'Reilly WebSite Pro version 2.3.7

Description The issue allows remote attackers to create and execute arbitrary files by directly calling the uploader.exe program, which is installed with execute permissions for all users.

Recommendations For O'Reilly WebSite Pro version 2.3.7, consider removing execute permissions for all users from the uploader.exe program to prevent unauthorized access. As a temporary workaround, restrict access to the uploader.exe program until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0769

Affected Products

O'Reilly Website Pro

PT-2000-1701 · O'Reilly · O'Reilly Website Pro

CVE-2000-0769

Related Identifiers

Affected Products

References · 4