CVE-2007-3459

Avaxswf.dll 1.0.0.1 - Path Traversal

Title source: llm

Description

A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by callAX · htmlremotewindows

https://www.exploit-db.com/exploits/4110

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35089

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4110

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24659

[Third Party Advisory, VDB Entry] http://osvdb.org/38037

[Third Party Advisory] http://securityreason.com/securityalert/2844

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/472296/100/0/threaded

Scores

EPSS 0.0895

EPSS Percentile 92.6%

Details

Status published

Products (1)

civiltech/avax_vector_activex 1.3

Published Jun 27, 2007

Tracked Since Feb 18, 2026