CVE-2009-0865
GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption
Severity Score
8.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
Vulnerabilidad de salto de directorio en el método SnapShotToFile en el control ActiveX GeoVision LiveX (tambien conocido como LiveX_v8200) v8.1.2 y 8.2.0 en LIVEX_~1.OCX lo que permite a atacantes remotos crear o sobrescribir ficheros arbitrariamente a través de ..(punto punto) en el argumento, posiblemente implicando los métodos PlayX y SnapShotX.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-10 CVE Reserved
- 2009-03-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48773 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/8059 | 2024-08-07 | |
| http://www.securityfocus.com/bid/33782 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33969 | 2017-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Geovision Search vendor "Geovision" | Livex Activex Control Search vendor "Geovision" for product "Livex Activex Control" | 8.1.2.0 Search vendor "Geovision" for product "Livex Activex Control" and version "8.1.2.0" | - |
Affected
| ||||||
| Geovision Search vendor "Geovision" | Livex Activex Control Search vendor "Geovision" for product "Livex Activex Control" | 8.2.0.0 Search vendor "Geovision" for product "Livex Activex Control" and version "8.2.0.0" | - |
Affected
| ||||||