CVE-2008-1725

EUVD-2008-1726
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
nsoftwareibiz_e-banking_integrator
2.0.2932
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/29758
http://www.osvdb.org/44393
http://www.securityfocus.com/bid/28700
https://exchange.xforce.ibmcloud.com/vulnerabilities/41752
https://www.exploit-db.com/exploits/5416
http://secunia.com/advisories/29758
http://www.osvdb.org/44393
http://www.securityfocus.com/bid/28700
https://exchange.xforce.ibmcloud.com/vulnerabilities/41752
https://www.exploit-db.com/exploits/5416