CVE-2007-3883

Data Dynamics ActiveBar <3.2 - Path Traversal

Title source: llm

Description

The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/5395

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4190

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24959

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5395

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35471

[Third Party Advisory, VDB Entry] http://osvdb.org/37692

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4190

[Third Party Advisory] http://secunia.com/advisories/26098

Scores

EPSS 0.2195

EPSS Percentile 95.8%

Details

Status published

Products (1)

datadynamics/activebar < 3.1

Published Jul 18, 2007

Tracked Since Feb 18, 2026