Описание
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-2511
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42712
- https://www.exploit-db.com/exploits/5682
- http://retrogod.altervista.org/9sg_CA_poc.html
- http://secunia.com/advisories/30420
- http://www.securityfocus.com/archive/1/492679/100/0/threaded
- http://www.securitytracker.com/id?1020129
- http://www.vupen.com/english/advisories/2008/1696/references
Связанные уязвимости
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.