PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability

Bugtraq ID:	26058
Class:	Design Error
CVE:	CVE-2007-5446
Remote:	Yes
Local:	No
Published:	Oct 12 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Katatafish is credited with the discovery of this issue.
Vulnerable:	Perfection Bytes PBEmail Activex Edition 7
Not Vulnerable:

PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability

PBEmail ActiveX Edition is prone to a vulnerability that lets attackers overwrite arbitrary local files. This may aid in further attacks.

This issue affects PBEmail ActiveX Edition 7; other versions may also be affected.

PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/26058.html

PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability

Solution:
The vendor released PBEmail 7 build 4197 to address this issue. Please see the references for more information.


Perfection Bytes PBEmail Activex Edition 7

• Perfection Bytes PBEmail7Ax.msi
  http://download.perfectionbytes.com/pbemailax/PBEmail7Ax.msi

PBEmail ActiveX Edition SaveSenderToXml Arbitrary File Overwrite Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• PBEmail ActiveX Edition Homepage (Perfection Byte)
  
• Subject: PBEmail 7 ActiveX Edition Build 4471 released! (Perfection Bytes)