File Overwrite Vulnerability in Synactis ActiveX Control
CVE-2009-0465

Currently unrated

Key Information:

Vendor: Synactis
Status: All In The Box.ocx
Vendor: CVE Published:; 10 February 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-0465?

The SaveDoc method within the All_In_The_Box.AllBox ActiveX control in the ALL_IN_THE_BOX.OCX file is susceptible to a file overwrite vulnerability. This flaw enables remote attackers to potentially create and overwrite arbitrary files on a victim's machine by manipulating the input parameters. Specifically, an argument that concludes with a null character ('\0') can bypass the file extension restrictions, allowing exploitation through various techniques, including replacing important system files, which could lead to significant security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0465 - Proof of Concept

References

http://www.securityfocus.com/bid/33535

vdb-entryx_refsource_BID

http://osvdb.org/51693

vdb-entryx_refsource_OSVDB

http://www.dsecrg.com/pages/vul/show.php?id=62

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 10, 2009
👾
Exploit known to exist
Feb 10, 2009
Vulnerability published
Feb 10, 2009
Vulnerability Reserved
Feb 5, 2009

CVE-2009-0465 Data

JSON