File Overwrite Vulnerability in Synactis ActiveX Control
CVE-2009-0465

Currently unrated

Key Information:

Vendor: Synactis

CVE Published: 10 February 2009

What is CVE-2009-0465?

The SaveDoc method of the All_In_The_Box.AllBox ActiveX control in the ALL_IN_THE_BOX.OCX file has a file overwrite vulnerability. Remote attackers can create and overwrite arbitrary files on a victim's machine through the argument passed to the method: an argument that ends with a null character ('\0') bypasses the control's file extension restrictions. The impact includes replacing important system files.
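The extension bypass described above comes from two views of one string disagreeing. The following C sketch is an added example, not code from the control or its vendor. It assumes the extension is enforced on the length-counted argument while the file API reads a NUL-terminated string; the function names, the `.box` extension and the sample name are all constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive suffix test on a length-counted buffer. */
static int has_ext(const char *name, size_t len, const char *ext)
{
    size_t n = strlen(ext);
    if (len <= n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)name[len - n + i]) !=
            tolower((unsigned char)ext[i]))
            return 0;
    return 1;
}

/* Flawed pattern (assumed): only the counted view is validated. */
int naive_check(const char *name, size_t len, const char *ext)
{
    return has_ext(name, len, ext);
}

/* Length that a NUL-terminated file API would actually use. */
size_t c_string_len(const char *name, size_t len)
{
    const char *nul = memchr(name, '\0', len);
    return nul ? (size_t)(nul - name) : len;
}

/* Hardened check: reject any NUL inside the counted length first. */
int strict_check(const char *name, size_t len, const char *ext)
{
    if (c_string_len(name, len) != len)
        return 0;
    return has_ext(name, len, ext);
}

/* Constructed sample: counted view ends in ".box", C view is "out.txt". */
static const char SAMPLE[] = "out.txt\0.box";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void)
{
    printf("naive=%d strict=%d file-api-length=%zu\n",
           naive_check(SAMPLE, SAMPLE_LEN, ".box"),
           strict_check(SAMPLE, SAMPLE_LEN, ".box"),
           c_string_len(SAMPLE, SAMPLE_LEN));
    return 0;
}
```

Rejecting the input outright is safer than stripping the NUL, because the check and the file API then always operate on the same bytes.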

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
