Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4583

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4583
Last Modified 07 Mar 2011 09:58:49
Published 28 Aug 2007 09:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4583

Summary

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

Vulnerable Systems

Application

  • Acti Network Video Recorder Sp2 2.0


References

VUPEN - ADV-2007-2993

MILW0RM - 4324

MILW0RM - 4323

OSVDB - 38387

OSVDB - 38386

XF - actinvr-savexmlfile-file-overwrite(36304)

XF - actinvr-deletexmlfile-file-overwrite(36303)

BID - 25465

SECUNIA - 26622


Last Updated: 27 May 2016 10:45:54