Showing 1 - 3 of 3

CVE-2012-2289

Status Candidate

Overview

EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.

Related Files

Zero Day Initiative Advisory 12-182: Posted Aug 29, 2012; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 12-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WxSuperCtrl650.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files inside arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.; tags | advisory, remote, arbitrary, activex; advisories | CVE-2012-2289; SHA-256 | 6aa38dcf56266cca5031793e281cb153a6a3cbeed54f22bddc1b5e8754cbf960; Download | Favorite | View

Zero Day Initiative Advisory 12-179: Posted Aug 29, 2012; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 12-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AEXView.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files in arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.; tags | advisory, remote, arbitrary, activex; advisories | CVE-2012-2289; SHA-256 | a7465b5401eae09d86f86686525c56e6d712583245d647f15ff28395259f58e1; Download | Favorite | View

EMC ApplicationXtender Arbitrary File Upload: Posted Aug 25, 2012; Authored by rgod | Site emc.com; A vulnerability exists in EMC ApplicationXtender products that may allow an attacker to upload arbitrary files on affected systems. EMC ApplicationXtender Web Access .NET versions 6.5 P1 and earlier are affected.; tags | advisory, web, arbitrary; advisories | CVE-2012-2289; SHA-256 | 05558e946bc0f8828d03129cd3b05a4db3bb2be20fb984cd9203e15e11d34439; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2012-2289

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems