CVE-2009-0465

Exploit

EPSS 6.66%
Veröffentlicht 10.02.2009 07:00:24
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Synactis ≫ All In The Box.Ocx Version3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.66%	0.91

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/51693

http://secunia.com/advisories/33728

Vendor Advisory

http://www.dsecrg.com/pages/vul/show.php?id=62

http://www.securityfocus.com/bid/33535

Exploit

http://www.vupen.com/english/advisories/2009/0298

https://www.exploit-db.com/exploits/7928

https://nvd.nist.gov/vuln/detail/CVE-2009-0465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0465

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2009-0465