CVE-2007-5320

Name of the Vulnerable Software and Affected Versions: Pegasus Imaging ImagXpress version 8.0

Description: The issue allows remote attackers to perform absolute path traversal attacks. This can be achieved in two ways: (1) by deleting arbitrary files via the CacheFile attribute in the ThumbnailXpress.1 ActiveX control, or (2) by overwriting arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control.

Recommendations: For Pegasus Imaging ImagXpress version 8.0, consider disabling the ThumbnailXpress.1 and ImagXpress.8 ActiveX controls to prevent exploitation until a patch is available. Restrict access to the CacheFile attribute and the CompactFile function to minimize the risk of arbitrary file deletion or overwrite. At the moment, there is no information about a newer version that contains a fix for this vulnerability.