Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0134

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0134
Last Modified 29 Jan 2009 02:01:03
Published 16 Jan 2009 01:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0134

Summary

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Share2 Easy Grid Control 3.51


References

XF - easygrid-activex-dosavefile-file-overwrite(47946)

BID - 33272

MILW0RM - 7779

SREASON - 4913

SECUNIA - 33537


Last Updated: 27 May 2016 10:50:07