Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-1743
Last Modified 01 Jul 2009 12:00:00
Published 20 May 2009 08:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1743

Summary

Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Pinnaclesys Pinnacle Studio 12


References

XF - pinnaclestudio-hfz-directory-traversal(50510)

BID - 34936

BUGTRAQ - 20090513 Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory traversal vulnerability poc

MILW0RM - 8670

SECUNIA - 35078

MISC - http://retrogod.altervista.org/9sg_pinnacle_studio_12_hfz.htm

OSVDB - 54430


Last Updated: 27 May 2016 10:50:39