CVE-2011-5292

01.01.2015, 02:59

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
easewe_software	easewe_ftp_ocx_activex_control	4.5.0.9

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-264 -

References

https://www.htbridge.com/advisory/HTB23015