PT-2009-2827 · Aaa · Aaa Easygrid Activex

Houssamix · Published 2009-01-16 · Updated 2017-09-29 · CVE-2009-0134

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AAA EasyGrid ActiveX version 3.51

Description

The issue concerns an insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control. This vulnerability allows remote attackers to create and overwrite arbitrary files. Attackers can leverage this issue via the DoSaveFile or DoSaveHtmlFile method. It is noted that this vulnerability could potentially be used for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs.

Recommendations

For AAA EasyGrid ActiveX version 3.51, consider disabling the DoSaveFile and DoSaveHtmlFile methods as a temporary workaround until a patch is available. Restrict access to the EasyGrid.SGCtrl.32 ActiveX control to minimize the risk of exploitation. Avoid using the EasyGrid.SGCtrl.32 ActiveX control in sensitive environments until the issue is resolved.
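
One way to restrict access to the control on a Windows host is the Internet Explorer kill bit, which blocks the whole control in the browser rather than only the two methods. The script below is an added example, not part of the original advisory or the vendor's guidance; only the ProgID comes from this page, the CLSID is resolved from the local registry, and the function names are hypothetical.

```powershell
# Added example: report (and optionally set) the IE kill bit for the control.
# Assumption: the control is registered locally, so its CLSID can be resolved.
$ProgId  = 'EasyGrid.SGCtrl.32'   # ProgID named in the advisory
$KillBit = 0x400                  # "Compatibility Flags" bit that stops IE loading a control
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ClsidFromProgId {
    param([string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    (Get-ItemProperty -LiteralPath $key).'(default)'
}

function Set-ActiveXKillBit {
    param([string]$Clsid, [switch]$Apply)
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # no WOW6432Node on 32-bit hosts
        $key = Join-Path $root $Clsid
        $current = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.'Compatibility Flags' }
        }
        $isSet = ($current -band $KillBit) -ne 0
        if ($Apply -and -not $isSet) {
            # Preserve any flags already present and add the kill bit.
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
                -Value ($current -bor $KillBit) -Force | Out-Null
            $isSet = $true
        }
        [pscustomobject]@{ Key = $key; KillBitSet = $isSet }
    }
}

$clsid = Get-ClsidFromProgId -ProgId $ProgId
if ($clsid) {
    Set-ActiveXKillBit -Clsid $clsid        # report only; add -Apply from an elevated prompt
} else {
    "ProgID $ProgId is not registered on this host."
}
```

The kill bit only affects hosts that honour it, such as Internet Explorer; applications that embed the control directly are not covered.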


Related identifiers

CVE-2009-0134

Affected products

Aaa Easygrid Activex