CVE-2007-3982

Data Dynamics ActiveReports < 2.5 - Arbitrary File Write via SaveLayout Method Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3982. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets a vulnerability in Data Dynamics ActiveReport ActiveX Control (actrpt2.dll <= 2.5) by abusing the insecure 'SaveLayout()' method to overwrite the system.ini file. The PoC demonstrates arbitrary file write via an ActiveX control marked as safe for scripting.

Description

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4208

View Code ZIP pw:eip

This exploit targets a vulnerability in Data Dynamics ActiveReport ActiveX Control (actrpt2.dll <= 2.5) by abusing the insecure 'SaveLayout()' method to overwrite the system.ini file. The PoC demonstrates arbitrary file write via an ActiveX control marked as safe for scripting.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Data Dynamics ActiveReport ActiveX Control (actrpt2.dll <= 2.5)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and not killed via KillBit

MITRE ATT&CK