CVE Vulnerability

CVE-2007-5320

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 4.9 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html Exploit
http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html Exploit
http://www.securityfocus.com/bid/25948 Exploit
http://www.securityfocus.com/bid/25949
http://secunia.com/advisories/27095 Vendor Advisory
http://osvdb.org/37959
http://osvdb.org/37960
http://www.vupen.com/english/advisories/2007/3388
https://exchange.xforce.ibmcloud.com/vulnerabilities/37012
Configurations

Configuration 1

cpe:2.3:a:pegasus_imaging:imagxpress:8.0:*:*:*:*:*:*:*
Information

Published : 2007-10-09 10:17

Updated : 2017-07-29 01:33

NVD link : CVE-2007-5320

Mitre link : CVE-2007-5320

Products Affected
No products.
CWE
CWE-22