CVE-2009-0134

EUVD-2009-0143

16.01.2009, 18:30

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method.  NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs.  NOTE: some of these details are obtained from third party information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
share2	easy_grid_control	3.51

𝑥

= Vulnerable software versions

Known Exploits!

References

http://secunia.com/advisories/33537

http://securityreason.com/securityalert/4913

http://www.securityfocus.com/bid/33272

https://exchange.xforce.ibmcloud.com/vulnerabilities/47946

https://www.exploit-db.com/exploits/7779

http://secunia.com/advisories/33537

http://securityreason.com/securityalert/4913

http://www.securityfocus.com/bid/33272

https://exchange.xforce.ibmcloud.com/vulnerabilities/47946

https://www.exploit-db.com/exploits/7779