CVE-2008-1725

Name of the Vulnerable Software and Affected Versions IBiz E-Banking Integrator versions 2.0.2932

Description The issue concerns the IBizEBank.FIProfile.1 ActiveX control in the fiprofile20.ocx file, which exposes an unsafe method. This method allows remote attackers to overwrite arbitrary files by providing a full pathname in the argument.

Recommendations For version 2.0.2932, consider disabling the WriteOFXDataFile method as a temporary workaround until a patch is available. Restrict access to the fiprofile20.ocx file to minimize the risk of exploitation. Avoid using the full pathname argument in the affected method until the issue is resolved.