CVE-2007-5320 – Pegasus Imaging ImagXpress 8.0 - Arbitrary File Overwrite

https://notcve.org/view.php?id=CVE-2007-5320

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). Múltiples vulnerabilidades de salto de directorio absoluto en Pegasus Imaging ImagXpress 8.0 permite a atacantes remotos (1) borrar ficheros de su elección mediante el atributo CacheFile en el control ActiveX ThumbnailXpres.1 (PegasusImaging.ActiveX.ThumnailXpress1.dll) o (2) sobrescribir ficheros de su elección mediante la función CompactFile en el control ActiveX ImagXpress.8 (PegasusImaging.ActiveX.ImagXpress8.dll). • https://www.exploit-db.com/exploits/4488 http://osvdb.org/37959 http://osvdb.org/37960 http://secunia.com/advisories/27095 http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html http://www.securityfocus.com/bid/25948 http://www.securityfocus.com/bid/25949 http://www.vupen.com/english/advisories/2007/3388 https://exchange.xforce.ibmcloud.com/vulnerabilities/37012 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •