PT-2002-2408 · Badblue · Badblue Personal Edition

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1684

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Deerfield D2Gfx version 1.0.2
BadBlue Enterprise Edition versions 1.5.x
BadBlue Personal Edition version 1.5.6

Description

A directory traversal issue allows remote attackers to read arbitrary files by using a ../ (dot dot slash) in the script used to read Microsoft Office documents.

Recommendations

For Deerfield D2Gfx version 1.0.2, update the script used to read Microsoft Office documents to properly handle ../ (dot dot slash) sequences. For BadBlue Enterprise Edition versions 1.5.x, restrict access to the script used to read Microsoft Office documents until a proper fix is applied. For BadBlue Personal Edition version 1.5.6, consider disabling the functionality to read Microsoft Office documents via the vulnerable script until an update is available.
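
One way to "properly handle ../ sequences" is to canonicalize the requested name and confirm the result still lies under the document root, rather than filtering the string. This is an added example, not code from the affected products or their vendors; `resolve_document`, `doc_root` and the sample request values are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

class TraversalError(ValueError):
    """Requested name is malformed or resolves outside the document root."""

def resolve_document(doc_root: str, requested: str) -> str:
    """Map a client-supplied name to a path under doc_root (hypothetical helper)."""
    name = unquote(requested)  # decode once, as the server would
    # Empty names, NUL bytes and a leftover '%' (double encoding) are refused.
    if not name or "\x00" in name or "%" in name:
        raise TraversalError("illegal document name")
    name = name.replace("\\", "/")  # backslash is also a separator on Windows
    # An absolute path or drive letter would make join() discard doc_root.
    if name.startswith("/") or name[1:2] == ":":
        raise TraversalError("absolute path not allowed")
    root = os.path.realpath(doc_root)
    # realpath collapses '..' and resolves symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(root, *name.split("/")))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise TraversalError("not a file under the document root")
    return candidate

# Constructed request values; none come from the advisory.
SAMPLES = ["report.doc", "../secret.txt", "..%2f..%2fsecret.txt",
           "sub\\..\\..\\secret.txt", "%252e%252e/secret.txt", "/etc/hosts"]

def demo() -> dict:
    """Check SAMPLES against a throwaway document root and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "docs")
        os.mkdir(root)
        open(os.path.join(root, "report.doc"), "w").close()
        for req in SAMPLES:
            try:
                results[req] = os.path.basename(resolve_document(root, req))
            except TraversalError as exc:
                results[req] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:32} -> {outcome}")
```

Refusing any name that still contains `%` after one decode is a deliberately conservative choice; it also rejects legitimate file names with a literal percent sign.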

Related Identifiers

CVE-2002-1684

Affected Products

Badblue Enterprise Edition
Badblue Personal Edition
Deerfield D2Gfx
Office