CVE-2009-0865 – GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption

https://notcve.org/view.php?id=CVE-2009-0865

Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. Vulnerabilidad de salto de directorio en el método SnapShotToFile en el control ActiveX GeoVision LiveX (tambien conocido como LiveX_v8200) v8.1.2 y 8.2.0 en LIVEX_~1.OCX lo que permite a atacantes remotos crear o sobrescribir ficheros arbitrariamente a través de ..(punto punto) en el argumento, posiblemente implicando los métodos PlayX y SnapShotX. • https://www.exploit-db.com/exploits/8059 http://secunia.com/advisories/33969 http://www.securityfocus.com/bid/33782 https://exchange.xforce.ibmcloud.com/vulnerabilities/48773 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •