CVE-2007-5320

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

Published: Oct 10, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5320
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:N/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
pegasus_imaging / imagxpress	8.0	8.0.x

http://osvdb.org/37959
http://osvdb.org/37960
http://secunia.com/advisories/27095
http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html
http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html
http://www.securityfocus.com/bid/25948
http://www.securityfocus.com/bid/25949
http://www.vupen.com/english/advisories/2007/3388
https://exchange.xforce.ibmcloud.com/vulnerabilities/37012

Vulnerability Database

CVE-2007-5320