CVE-2007-3459

Avaxswf.dll 1.0.0.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3459. PoCs published by callAX.

AI-analyzed exploit summary This exploit leverages an arbitrary file write vulnerability in the Avaxswf.dll ActiveX control via the WriteMovie method. It allows an attacker to write arbitrary data to any file on the system, potentially leading to privilege escalation or system compromise.

Description

A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by callAX · htmlremotewindows

https://www.exploit-db.com/exploits/4110

View Code ZIP pw:eip

This exploit leverages an arbitrary file write vulnerability in the Avaxswf.dll ActiveX control via the WriteMovie method. It allows an attacker to write arbitrary data to any file on the system, potentially leading to privilege escalation or system compromise.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Avax Vector ActiveX v.1.3 (Avaxswf.dll v.1.0.0.1)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · Avax Vector ActiveX control must be installed and registered

MITRE ATT&CK