File Overwrite Vulnerability in Synactis ActiveX Control
CVE-2009-0465

Currently unrated

Key Information:

Vendor

Synactis

Status
All In The Box.ocx
Vendor
CVE Published:
10 February 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2009-0465?

The SaveDoc method within the All_In_The_Box.AllBox ActiveX control in the ALL_IN_THE_BOX.OCX file is susceptible to a file overwrite vulnerability. This flaw enables remote attackers to potentially create and overwrite arbitrary files on a victim's machine by manipulating the input parameters. Specifically, an argument that concludes with a null character ('\0') can bypass the file extension restrictions, allowing exploitation through various techniques, including replacing important system files, which could lead to significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0465 - Proof of Concept

References

http://www.securityfocus.com/bid/33535
vdb-entryx_refsource_BID
http://osvdb.org/51693
vdb-entryx_refsource_OSVDB
http://www.dsecrg.com/pages/vul/show.php?id=62
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.