File Manipulation Vulnerability in Progress Webspeed Messenger
CVE-2007-2266

Currently unrated

Key Information:

Vendor: Progress
Status: Webspeed Messenger
Vendor: CVE Published:; 25 April 2007

Summary

Progress Webspeed Messenger suffers from a vulnerability that enables remote attackers to interact with the system by reading, creating, modifying, and executing arbitrary files. This can be exploited through the webutil/_cpyfile.p component by manipulating the WService parameter in scripts such as cgiip.exe or wsisa.dll. Attackers can leverage options like save and editor to craft new files by using the fileName parameter, potentially compromising the integrity and confidentiality of the system.

References

http://www.securityfocus.com/archive/1/466771/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/23634

vdb-entryx_refsource_BID

http://secunia.com/advisories/24988

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 25, 2007
Vulnerability Reserved
Apr 25, 2007