Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1725

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-1725
Last Modified 05 Sep 2008 12:00:00
Published 11 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1725

Summary

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Nsoftware Ibiz E-banking Integrator 2.0.2932


References

XF - ibiz-fiprofile20-file-overwrite(41752)

BID - 28700

OSVDB - 44393

MILW0RM - 5416

SECUNIA - 29758


Last Updated: 27 May 2016 10:47:38