Vulnerability Details CVE-2007-5320
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.074
EPSS Ranking 91.3%
CVSS Severity
CVSS v2 Score 4.0
References
- http://osvdb.org/37959
- http://osvdb.org/37960
- http://secunia.com/advisories/27095
- http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
- http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
- http://www.securityfocus.com/bid/25948
- http://www.securityfocus.com/bid/25949
- http://www.vupen.com/english/advisories/2007/3388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37012
- http://osvdb.org/37959
- http://osvdb.org/37960
- http://secunia.com/advisories/27095
- http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
- http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
- http://www.securityfocus.com/bid/25948
- http://www.securityfocus.com/bid/25949
- http://www.vupen.com/english/advisories/2007/3388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37012
Products affected by CVE-2007-5320
-
cpe:2.3:a:pegasus_imaging:imagxpress:8.0