Description
Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.
Exploits
43882007-09-10remoteWindows
Ultra Crypto Component - 'CryptoX.dll 2.0 SaveToFile()' Insecure Method
By shinnai
References
cve@mitre.org
http://osvdb.org/38982cve@mitre.org
http://www.securityfocus.com/bid/25611cve@mitre.org
http://www.securitytracker.com/id?1018675cve@mitre.org
https://www.exploit-db.com/exploits/4388af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/38982af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/25611af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1018675af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/36522af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/4388