Back to search
CVE-2009-0465
Published: Feb 6, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
33535
vdb-entry
x_refsource_BID
51693
vdb-entry
x_refsource_OSVDB
http://www.dsecrg.com/pages/vul/show.php?id=62
x_refsource_MISC
ADV-2009-0298
vdb-entry
x_refsource_VUPEN
33728
third-party-advisory
x_refsource_SECUNIA
7928
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now