Vulnerability Description
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grid2000 | Flexcell Grid Control | 5.7.0.1 |
References
- http://secunia.com/advisories/32829Vendor Advisory
- http://www.securityfocus.com/bid/32443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46809
- http://secunia.com/advisories/32829Vendor Advisory
- http://www.securityfocus.com/bid/32443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46809
FAQ
What is CVE-2008-5404?
CVE-2008-5404 is a vulnerability with a CVSS score of 10.0 (HIGH). Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the Ht...
How severe is CVE-2008-5404?
CVE-2008-5404 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5404?
Check the references section above for vendor advisories and patch information. Affected products include: Grid2000 Flexcell Grid Control.