Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4982

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-4982
Last Modified 07 Mar 2011 09:59:46
Published 19 Sep 2007 02:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4982

Summary

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Mw6 Technologies Qrcode Activex 3.0.0.1


References

VUPEN - ADV-2007-3195

MISC - http://www.shinnai.altervista.org/exploits/OREurGhGgAtlCT8J2jSY.html

MILW0RM - 4420

SECUNIA - 26836

OSVDB - 37915

OSVDB - 37914

XF - mw6technologies-qrcode-file-overwrite(36666)

BID - 25702


Last Updated: 27 May 2016 10:46:02