Vulnerability Description
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eztools-Software | Web On Windows Activex | 2 |
References
- http://www.securityfocus.com/bid/33515Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48337
- https://www.exploit-db.com/exploits/7910
- http://www.securityfocus.com/bid/33515Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48337
- https://www.exploit-db.com/exploits/7910
FAQ
What is CVE-2009-0389?
CVE-2009-0389 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString meth...
How severe is CVE-2009-0389?
CVE-2009-0389 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0389?
Check the references section above for vendor advisories and patch information. Affected products include: Eztools-Software Web On Windows Activex.