NVD

Id
47797  
Name
CVE-2009-0465  
Description
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a "" character, which bypasses the intended .box filename extension, as demonstrated by a C:oot.ini argument.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2009-02-10  
Modified Date
2009-03-06  
Seq
2009-0465  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
239455 47797 CVE-2009-0465 http://www.dsecrg.com/pages/vul/show.php?id=62  View
239456 47797 CVE-2009-0465 7928  View
239457 47797 CVE-2009-0465 33535  View
239458 47797 CVE-2009-0465 ADV-2009-0298  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
44793 JVNDB-2009-005800 Synactis ALL In-The-Box ActiveX の ALL_IN_THE_BOX.OCX における任意のファイルを作成される脆弱性 Synactis ALL In-The-Box ActiveX の ALL_IN_THE_BOX.OCX の All_In_The_Box.AllBox ActiveX コントロールの SaveDoc メソッドは、ファイル名の拡張子 .box を回避されるため、任意のファイルを作成される、および上書きされる脆弱性が存在します。 CVE-2009-0465 37896 CVE-2009-0465 47797 9.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005800.html 2009-02-10 2012-12-20 View