Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
BID:25949
Info
Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
| Bugtraq ID: | 25949 |
| Class: | Design Error |
| CVE: |
CVE-2007-5320 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 06 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | shinnai is credited with the discovery of this issue. |
| Vulnerable: |
Pegasus Imaging Corporation. ThumbnailXpress 1.0 |
| Not Vulnerable: | |
Discussion
Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
Pegasus Imaging ThumbnailXpress ActiveX Control is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.
Pegasus Imaging ThumbnailXpress 1.0 is vulnerable to this issue; other versions may also be affected.
Pegasus Imaging ThumbnailXpress ActiveX Control is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.
Pegasus Imaging ThumbnailXpress 1.0 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
Sample exploit code has been provided:
Sample exploit code has been provided:
Solution / Fix
Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
Solution:
The vendor states:
"Pegasus Imaging acknowledges these issues as affecting our controls in the same way that they affect any ActiveX control that allows files to be saved to absolute directory paths. We're working on reducing the vulnerabilities of these issues and will publish additional information when available at http://www.pegasusimaging.com/faq.htm. In the meantime we recommend that users follow the Microsoft guidelines for reducing the vulnerability by increasing their browser security settings for ActiveX controls."
Solution:
The vendor states:
"Pegasus Imaging acknowledges these issues as affecting our controls in the same way that they affect any ActiveX control that allows files to be saved to absolute directory paths. We're working on reducing the vulnerabilities of these issues and will publish additional information when available at http://www.pegasusimaging.com/faq.htm. In the meantime we recommend that users follow the Microsoft guidelines for reducing the vulnerability by increasing their browser security settings for ActiveX controls."
References
Pegasus Imaging ThumbnailXpress ActiveX Control Arbitrary File Delete Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- ThumbnailXpress ActiveX COM FAQ (Pegasus Imaging Coporation)