PT-2009-3119 · Synactis · Synactis All In-The-Box Activex

Published: 2009-02-06 · Updated: 2017-09-29 · CVE-2009-0465

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Synactis ALL In-The-Box ActiveX version 3

Description: The SaveDoc method in the All In The Box.AllBox ActiveX control allows remote attackers to create and overwrite arbitrary files. An argument that ends in a '\0' (NUL) character bypasses the intended .box filename extension, because the extension lands after the terminator and is never seen by the file API. For example, an argument like 'C:\boot.ini\0' can be used to exploit this issue.

Recommendations: For Synactis ALL In-The-Box ActiveX version 3, consider restricting access to the SaveDoc method in the All In The Box.AllBox ActiveX control until a patch is available. As a temporary workaround, avoid using arguments that end in a '\0' character to minimize the risk of exploitation.
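
Added example (not Synactis code and not part of the original advisory): a C illustration of why appending the extension to a counted string fails when the argument contains a NUL, next to a builder that rejects such input. The function names, the counted-string interface and the sample input are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define BOX_EXT ".box"
enum { BOX_OK, BOX_EMPTY, BOX_EMBEDDED_NUL, BOX_BAD_CHAR, BOX_TOO_LONG };

/* Flawed pattern (illustrative): append the extension to a counted string,
 * then hand the buffer to an API that stops reading at the first NUL. */
static size_t naive_build(const char *name, size_t len, char *out, size_t outsz)
{
    if (len + sizeof(BOX_EXT) > outsz) return 0;
    memcpy(out, name, len);
    memcpy(out + len, BOX_EXT, sizeof(BOX_EXT));   /* copies the terminator too */
    return strlen(out);            /* length the file API would actually see */
}

/* Hardened builder (hypothetical): name/len is the counted argument as received. */
static int box_build_name(const char *name, size_t len, char *out, size_t outsz)
{
    size_t i;
    if (len == 0) return BOX_EMPTY;
    if (memchr(name, '\0', len)) return BOX_EMBEDDED_NUL;
    for (i = 0; i < len; i++) {    /* bare file names only: no drive or separators */
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.') return BOX_BAD_CHAR;
    }
    if (len + sizeof(BOX_EXT) > outsz) return BOX_TOO_LONG;
    memcpy(out, name, len);
    memcpy(out + len, BOX_EXT, sizeof(BOX_EXT));
    return BOX_OK;
}

/* Returns 1 if the string a C file API would see ends in ".box". */
static int ends_in_box(const char *s)
{
    size_t n = strlen(s), e = strlen(BOX_EXT);
    return n >= e && strcmp(s + n - e, BOX_EXT) == 0;
}

int main(void)
{
    char out[64];
    static const char bad[] = "report\0";   /* constructed: 7 counted bytes, last is NUL */
    naive_build(bad, sizeof(bad) - 1, out, sizeof(out));
    printf("naive: \"%s\" ends_in_box=%d\n", out, ends_in_box(out));
    printf("hardened rc=%d\n", box_build_name(bad, sizeof(bad) - 1, out, sizeof(out)));
    return 0;
}
```

The allow-list in `box_build_name` also refuses drive letters and path separators, so a caller can only name a file inside whatever directory the application itself chooses.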

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2009-0465

Affected Products

Synactis All In-The-Box Activex