Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/25948 | vdb entry exploit |
| http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html | exploit |
| http://osvdb.org/37959 | vdb entry |
| http://secunia.com/advisories/27095 | third party advisory vendor advisory |
| http://www.vupen.com/english/advisories/2007/3388 | vdb entry |
| http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37012 | vdb entry |
| http://www.securityfocus.com/bid/25949 | vdb entry |
| http://osvdb.org/37960 | vdb entry |