PT-2015-3486 · Idrive+1 · Idrive Online Backup+1

Published

2015-01-01

Updated

2015-01-03

CVE-2011-5290

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions IDrive Online Backup version 3.4.0

Description The issue concerns the SaveToFile method in the UniBasicPack.UniTextBox ActiveX control, which allows remote attackers to write to arbitrary files by specifying a pathname in the first argument.

Recommendations For IDrive Online Backup version 3.4.0, consider disabling the SaveToFile method in the UniBasicPack.UniTextBox ActiveX control until a patch is available. Restrict access to this method to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-5290

Affected Products

Idrive Online Backup

PT-2015-3486 · Idrive+1 · Idrive Online Backup+1

CVE-2011-5290

Weakness Enumeration

Related Identifiers

Affected Products

References · 2