CVE-2008-5404

10.12.2008, 06:44

Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method.  NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
grid2000	flexcell_grid_control	5.7.0.1

𝑥

= Vulnerable software versions

References

http://secunia.com/advisories/32829

http://www.securityfocus.com/bid/32443

https://exchange.xforce.ibmcloud.com/vulnerabilities/46809

http://secunia.com/advisories/32829

http://www.securityfocus.com/bid/32443

https://exchange.xforce.ibmcloud.com/vulnerabilities/46809