Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2891

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-2891
Last Modified 05 Sep 2008 04:52:56
Published 14 Sep 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2891

Summary

WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.

Vulnerable Systems

Application

  • Csystems Webarchivex 5.5.0.76


References

XF - webarchivex-component-file-manipulation(22188)

SECTRACK - 1014867

BID - 14760

MISC - http://security-assessment.com/Advisories/WebArchiveX_-_Unsafe_Methods_Vulnerability.pdf

SECUNIA - 16722

BUGTRAQ - 20050907 WebArchiveX - Unsafe Methods Vulnerability


Last Updated: 27 May 2016 10:40:40