CVE-2011-5291 — MEDIUM (6.4)

Vulnerability Description

The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ashampoo Gmbh \& Co.	Ashampoo 3D Cad Professional 3	3.0

Related Weaknesses (CWE)

CWE-264

References

https://www.htbridge.com/advisory/HTB23019Exploit
https://www.htbridge.com/advisory/HTB23019Exploit

FAQ

What is CVE-2011-5291?

CVE-2011-5291 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in...

How severe is CVE-2011-5291?

CVE-2011-5291 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-5291?

Check the references section above for vendor advisories and patch information. Affected products include: Ashampoo Gmbh \& Co. Ashampoo 3D Cad Professional 3.