CVE-2007-5219 Information

Description

Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.

Reference

http://osvdb.org/37725 http://secunia.com/advisories/27039 http://www.securityfocus.com/bid/25888 http://www.securitytracker.com/id?1018758 http://www.vupen.com/english/advisories/2007/3328 https://exchange.xforce.ibmcloud.com/vulnerabilities/36902 https://www.exploit-db.com/exploits/4479