CVE-2009-2265 Information

Description

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Reference

http://isc.sans.org/diary.html?storyid=6724
http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
http://secunia.com/advisories/35833
http://secunia.com/advisories/35909
http://sourceforge.net/project/shownotes.php?release_id=695430
http://www.debian.org/security/2009/dsa-1836
http://www.ocert.org/advisories/ocert-2009-007.html
http://www.securityfocus.com/archive/1/504721/100/0/threaded
http://www.securitytracker.com/id?1022513
http://www.vupen.com/english/advisories/2009/1813
http://www.vupen.com/english/advisories/2009/1825
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
