Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0389

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0389
Last Modified 03 Feb 2009 12:00:00
Published 02 Feb 2009 05:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0389

Summary

Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.

Vulnerable Systems

Application

  • Eztools-software Web On Windows Activex 2


References

XF - wow-writeinifilestring-code-execution(48337)

BID - 33515

MILW0RM - 7910


Last Updated: 27 May 2016 10:50:14