CVE-2011-5292 Information

Description

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Reference

https://www.htbridge.com/advisory/HTB23015