Directory Traversal Vulnerability in GeoVision LiveX ActiveX Control
CVE-2009-0865

Currently unrated

Key Information:

Vendor: Geovision
Status: Livex Activex Control
Vendor: CVE Published:; 10 March 2009

What is CVE-2009-0865?

The GeoVision LiveX ActiveX control versions 8.1.2 and 8.2.0 are susceptible to a directory traversal vulnerability through the SnapShotToFile method. This flaw permits remote attackers to manipulate file paths, potentially allowing them to create or overwrite arbitrary files. Exploiting this vulnerability may involve interaction with the affected methods, such as PlayX and SnapShotX, utilizing '..' (dot dot) sequences to bypass file restrictions, posing significant risks to user systems and sensitive data integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48773

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/8059

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/33969

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2009
Vulnerability Reserved
Mar 10, 2009

Geovision

What is CVE-2009-0865?

References

Timeline