Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-5292
Last Modified 02 Jan 2015 07:32:39
Published 31 Dec 2014 09:59:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5292

Summary

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Vulnerable Systems

Application

  • Easewe Software Easewe Ftp Ocx Activex Control 4.5.0.9


References

MISC - https://www.htbridge.com/advisory/HTB23015


Last Updated: 27 May 2016 11:07:24