CVE-2007-2266

Progress Webspeed Messenger - Arbitrary File Read, Write, and Execution via WService Parameter

Title source: llm
STIX 2.1

Description

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466771/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23634
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24988
Various Sources x_refsource_misc
http://www.ishare.nl/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/472574/100/0/threaded

Scores

EPSS 0.0390
EPSS Percentile 88.4%

Details

Status published
Products (1)
progress/webspeed_messenger
Published Apr 25, 2007
Tracked Since Feb 18, 2026