 |
Name:
MS.Rich.Textbox.Control.SaveFile.Arbitrary.File.Ov
|
Released Date:
Feb 25 2008
|
Severity:
medium
|
CVE:
2008-0237
|
|
|
Bugtraq:
27201
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit a file overwriting vulnerability in Microsoft Rich Textbox Control ActiveX control.
The vulnerability is due to lack of path verification in the control's method SaveFile. A remote attacker can exploit this vulnerability via a specially crafted web page to create or modify arbitrary files on the target system.
|
|
|
|
Impact
|
|
System Compromise.
|
|
|
|
Affected Products
|
|
Microsoft Rich TextBox Control 6.0
|
|
Aliases
|
MS.Rich.Textbox.Control.SaveFile.Arbitrary.File.Overwrite
|
|
References
|
http://www.securityfocus.com/bid/27201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0237
|
|
Recommended Actions
|
|
Currently we are not aware of any vendor supplied patch for this issue.
|
|
