CVE-2009-0134 - Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in A

CVE-2009-0134

Summary

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

References

Vulnerable Configurations

cpe:2.3:a:share2:easy_grid_control:3.51:*:*:*:*:*:*:*
cpe:2.3:a:share2:easy_grid_control:3.51:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-09-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	33272
exploit-db	7779
secunia	33537
sreason	4913
xf	easygrid-activex-dosavefile-file-overwrite(47946)

Last major update

29-09-2017 - 01:33

Published

16-01-2009 - 18:30

Last modified

29-09-2017 - 01:33