CVE-2007-4067

Clever Internet ActiveX Suite 6.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4067. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages the 'GetToFile' method in the Clever Internet ActiveX Suite 6.2 (CLINETSUITEX6.OCX) to arbitrarily download and overwrite files on a victim's system. The PoC demonstrates downloading a text file to a system directory, with potential for more malicious use.

Description

Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4226

View Code ZIP pw:eip

This exploit leverages the 'GetToFile' method in the Clever Internet ActiveX Suite 6.2 (CLINETSUITEX6.OCX) to arbitrarily download and overwrite files on a victim's system. The PoC demonstrates downloading a text file to a system directory, with potential for more malicious use.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Clever Internet ActiveX Suite 6.2 (CLINETSUITEX6.OCX)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled

MITRE ATT&CK