Vulnerability Description
The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Easewe Software | Easewe Ftp Ocx Activex Control | 4.5.0.9 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2011-5292?
CVE-2011-5292 is a vulnerability with a CVSS score of 7.5 (HIGH). The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname...
How severe is CVE-2011-5292?
CVE-2011-5292 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-5292?
Check the references section above for vendor advisories and patch information. Affected products include: Easewe Software Easewe Ftp Ocx Activex Control.