Vulnerability Description
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pegasus Imaging | Imagxpress | 8.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37959
- http://osvdb.org/37960
- http://secunia.com/advisories/27095Vendor Advisory
- http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.htmlExploit
- http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.htmlExploit
- http://www.securityfocus.com/bid/25948Exploit
- http://www.securityfocus.com/bid/25949
- http://www.vupen.com/english/advisories/2007/3388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37012
- http://osvdb.org/37959
- http://osvdb.org/37960
- http://secunia.com/advisories/27095Vendor Advisory
- http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.htmlExploit
- http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.htmlExploit
- http://www.securityfocus.com/bid/25948Exploit
FAQ
What is CVE-2007-5320?
CVE-2007-5320 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX cont...
How severe is CVE-2007-5320?
CVE-2007-5320 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5320?
Check the references section above for vendor advisories and patch information. Affected products include: Pegasus Imaging Imagxpress.