PT-2007-5270 · Clevercomponents · Clever Internet Activex Suite

Shinnai · Published 2007-07-30 · Updated 2017-09-29 · CVE-2007-4067

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Clever Internet ActiveX Suite version 6.2
Description: The clInetSuiteX6.clWebDav ActiveX control contains an absolute path traversal vulnerability. Remote attackers can create or overwrite arbitrary files by providing a full pathname in the second argument to the GetToFile method.
Recommendations: For Clever Internet ActiveX Suite version 6.2, consider restricting access to the clInetSuiteX6.clWebDav ActiveX control until a patch is available. As a temporary workaround, avoid using the GetToFile method with untrusted input to minimize the risk of exploitation.
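
One way to restrict access to the control on hosts that still run Internet Explorer is to set its kill bit. The script below is an added example, not part of the advisory or of the vendor's guidance; it assumes the control is registered under the ProgID given above, and the function names are hypothetical.

```powershell
# Added example: apply the Internet Explorer kill bit to the control named in the
# advisory. Run from an elevated prompt on a host where the suite is installed.
$ProgId  = 'clInetSuiteX6.clWebDav'   # ProgID as written in the advisory (assumed registered)
$KillBit = 0x400                      # "Compatibility Flags" bit that stops IE loading the control

function Get-ClsidFromProgId {
    param([Parameter(Mandatory)][string]$Name)
    # The default value of <ProgID>\CLSID holds the class identifier.
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$Name\CLSID" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return [string]$key.GetValue('')
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID: $Clsid"
    }
    # 64-bit Windows keeps a second registry view for 32-bit Internet Explorer.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    foreach ($root in $roots) {
        $path = Join-Path $root $Clsid
        # Create the key only when absent so existing values are left untouched.
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # Preserve any flags already present and add the kill bit.
        $existing = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = [int]$existing -bor $KillBit
        Set-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -Type DWord -Value $flags
        Write-Output ("{0}: Compatibility Flags = 0x{1:X}" -f $path, $flags)
    }
}

$clsid = Get-ClsidFromProgId -Name $ProgId
if ($clsid) {
    Set-ActiveXKillBit -Clsid $clsid
} else {
    Write-Warning "ProgID '$ProgId' is not registered on this host; nothing to block."
}
```

The kill bit only affects hosts that honor it, such as Internet Explorer; applications that instantiate the control directly still need to stop passing untrusted input to GetToFile.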


Related Identifiers: CVE-2007-4067

Affected Products: Clever Internet Activex Suite