CVE-2007-5320 Information
Description
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
Reference
http://osvdb.org/37959 http://osvdb.org/37960 http://secunia.com/advisories/27095 http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html http://www.securityfocus.com/bid/25948 http://www.securityfocus.com/bid/25949 http://www.vupen.com/english/advisories/2007/3388 https://exchange.xforce.ibmcloud.com/vulnerabilities/37012
Share on: