Vulnerabilites related to softartisans - xfile
Vulnerability from fkie_nvd
Published
2008-08-27 20:41
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softartisans | xfile | * | |
| softartisans | xfile | 1.0 | |
| softartisans | xfile | 1.0.6 | |
| softartisans | xfile | 1.0.7 | |
| softartisans | xfile | 1.0.8 | |
| softartisans | xfile | 1.1 | |
| softartisans | xfile | 1.01 | |
| softartisans | xfile | 1.1.1 | |
| softartisans | xfile | 1.1.2 | |
| softartisans | xfile | 1.1.3 | |
| softartisans | xfile | 1.1.4 | |
| softartisans | xfile | 1.1.5 | |
| softartisans | xfile | 1.1.6 | |
| softartisans | xfile | 1.1.7 | |
| softartisans | xfile | 2.0 | |
| softartisans | xfile | 2.0.2 | |
| softartisans | xfile | 2.0.3 | |
| softartisans | xfile | 2.1.3 | |
| softartisans | xfile | 2.1.4 | |
| softartisans | xfile | 2.1.5 | |
| softartisans | xfile | 2.1.6 | |
| softartisans | xfile | 2.1.7 | |
| softartisans | xfile | 2.2.3 | |
| softartisans | xfile | 2.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softartisans:xfile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFD01A6-2CB3-4EF1-A81F-CF472294081C",
"versionEndIncluding": "2.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A349F44E-3A51-4702-BBB3-7D5B622C68C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57F37B78-F308-4F2C-BEA4-96E91AA05906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FAEA84-407B-4900-9642-60127D617C76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "84A4500E-7D34-4436-8B27-B127C1D08CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F04D099-BFA4-4330-8AF3-EC395E436709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1B58368F-25B3-4FE4-A5C6-00F6C6888F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE74F9B-2F6E-4445-9A34-A04E622F269E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC26101E-077A-42AD-B82F-C5E19AC7FB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "710AB2A2-293A-44D8-92EC-26143599BB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5E00B5-1D19-4C95-9660-5E3B18E871B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E00A5FCF-31B6-4788-B836-34FEA4A5E1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53C356DC-5C96-4F8D-83AD-3142E87F88B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E203841-ACD0-4B16-93BC-F650CB6F7853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92F3C27D-9BF4-4A36-8B0C-B813C367B22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8557F8A0-265D-4FEA-9982-9E19EE36CF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28350273-2166-474C-AD1F-5591AD644F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EC8D73-E71A-4988-A687-10C9AB6EFC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3134EF9B-D4D6-4F9A-8E63-3AE20105BF54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB5E60A-8DEB-408A-B0BB-404BF2D6AB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D143F22-E10F-4548-80CE-79547366A670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F61EA55C-4DC4-4D7E-8B95-B331DC510A2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F31FDCD-EC0D-4F49-8032-C062A9FB7E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softartisans:xfile:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D43259-8042-45A4-AF36-B1576FACBAFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method."
},
{
"lang": "es",
"value": "M\u00faltiples desbordmientos de b\u00fafer basados en pila en el control ActiveX de FileManager en SAFmgPws.dll de SoftArtisans XFile versiones anteriores a 2.4.0 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de llamadas no especificadas a los m\u00e9todos (1) BuildPath, (2) GetDriveName, (3) DriveExists, o (4) DeleteFile."
}
],
"id": "CVE-2007-1682",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-27T20:41:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31615"
},
{
"source": "cret@cert.org",
"url": "http://support.softartisans.com/Support-114.aspx"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/914785"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/30826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.softartisans.com/Support-114.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/914785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30826"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-1682 (GCVE-0-2007-1682)
Vulnerability from cvelistv5
Published
2008-08-27 20:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/914785 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/31615 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/30826 | vdb-entry, x_refsource_BID | |
| http://support.softartisans.com/Support-114.aspx | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#914785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/914785"
},
{
"name": "31615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31615"
},
{
"name": "30826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.softartisans.com/Support-114.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-03T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#914785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/914785"
},
{
"name": "31615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31615"
},
{
"name": "30826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.softartisans.com/Support-114.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-1682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#914785",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/914785"
},
{
"name": "31615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31615"
},
{
"name": "30826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30826"
},
{
"name": "http://support.softartisans.com/Support-114.aspx",
"refsource": "CONFIRM",
"url": "http://support.softartisans.com/Support-114.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-1682",
"datePublished": "2008-08-27T20:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}