Vulnerability Description
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
CVSS Score
6.5
MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gleamtech | Filevista | <= 6.0.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Mo
- http://seclists.org/fulldisclosure/2014/Nov/87
- http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx
- http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Mo
- http://seclists.org/fulldisclosure/2014/Nov/87
- http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx
FAQ
What is CVE-2014-8789?
CVE-2014-8789 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during...
How severe is CVE-2014-8789?
CVE-2014-8789 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8789?
Check the references section above for vendor advisories and patch information. Affected products include: Gleamtech Filevista.