CVE-2007-1682

Softartisans Xfile < 2.3.4 - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16592

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/softartisans_getdrivename.rb

View Code ZIP pw:eip

References (4)

[US Government Resource] http://www.kb.cert.org/vuls/id/914785

[Vendor Advisory] http://secunia.com/advisories/31615

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30826

[Various Sources] http://support.softartisans.com/Support-114.aspx

Scores

EPSS 0.6576

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (24)

softartisans/xfile 1.0

softartisans/xfile 1.0.6

softartisans/xfile 1.0.7

softartisans/xfile 1.0.8

softartisans/xfile 1.1

softartisans/xfile 1.01

softartisans/xfile 1.1.1

softartisans/xfile 1.1.2

softartisans/xfile 1.1.3

softartisans/xfile 1.1.4

... and 14 more

Published Aug 27, 2008

Tracked Since Feb 18, 2026