ID CVE-2009-0389
Summary Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:eztools-software:web_on_windows_activex:2:*:*:*:*:*:*:*
    cpe:2.3:a:eztools-software:web_on_windows_activex:2:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-09-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 33515
exploit-db 7910
xf wow-writeinifilestring-code-execution(48337)
Last major update 29-09-2017 - 01:33
Published 02-02-2009 - 22:00
Last modified 29-09-2017 - 01:33
Back to Top