CVE-2000-0769 - O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users,

CVE-2000-0769

Summary

O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.

References

http://marc.info/?l=bugtraq&m=96715834610888&w=2
http://www.securityfocus.com/bid/1611

Vulnerable Configurations

cpe:2.3:a:oreilly:website_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:oreilly:website_pro:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	1611
bugtraq	20000824 WebServer Pro 2.3.7 Vulnerability

Last major update

18-10-2016 - 02:07

Published

20-10-2000 - 04:00

Last modified

18-10-2016 - 02:07