Vulnerability Description
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cowon America | Jetaudio | 7.0.3.3016 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37737
- http://secunia.com/advisories/26787 (Vendor Advisory)
- http://www.securityfocus.com/bid/25723
- http://www.securitytracker.com/id?1018716
- http://www.vupen.com/english/advisories/2007/3196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36693
- https://www.exploit-db.com/exploits/4427
FAQ
What is CVE-2007-4983?
CVE-2007-4983 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local file...
How severe is CVE-2007-4983?
CVE-2007-4983 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4983?
Check the references section above for vendor advisories and patch information. Affected products include: Cowon America Jetaudio.