PT-2007-4730 · Avax · Avax Vector

Callax

Published

2007-06-27

Updated

2018-10-16

CVE-2007-3459

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Avax Vector version 1.3

Description The issue concerns a certain ActiveX control in Avaxswf.dll that allows remote attackers to create or overwrite arbitrary files. This is achieved by providing a full pathname in the argument to the WriteMovie method.

Recommendations For Avax Vector version 1.3, consider restricting access to the WriteMovie method until a patch is available. As a temporary workaround, avoid using the WriteMovie method with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3459

Affected Products

Avax Vector

PT-2007-4730 · Avax · Avax Vector

CVE-2007-3459

Related Identifiers

Affected Products

References · 7