CVE-2007-3983 — MEDIUM (5.0)

Vulnerability Description

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Datadynamics	Activereports	2.0

References

http://secunia.com/advisories/26112Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36056
http://secunia.com/advisories/26112Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36056

FAQ

What is CVE-2007-3983?

CVE-2007-3983 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) a...

How severe is CVE-2007-3983?

CVE-2007-3983 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3983?

Check the references section above for vendor advisories and patch information. Affected products include: Datadynamics Activereports.