CVE Vulnerability

CVE-2007-2266

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/23634 Exploit
http://www.ishare.nl/
http://secunia.com/advisories/24988 Vendor Advisory
http://www.securityfocus.com/archive/1/472574/100/0/threaded
http://www.securityfocus.com/archive/1/466771/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:progress:webspeed_messenger:*:*:*:*:*:*:*:*
Information

Published : 2007-04-25 08:19

Updated : 2018-10-16 04:42

NVD link : CVE-2007-2266

Mitre link : CVE-2007-2266

Products Affected
No products.
CWE
NVD-CWE-Other