CVE-2007-4902

Ultra Shareware Ultra Crypto Component - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4388

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/25611

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36522

[Third Party Advisory, VDB Entry] http://osvdb.org/38982

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4388

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018675

Scores

EPSS 0.0319

EPSS Percentile 87.0%

Details

CWE

CWE-22

Status published

Products (1)

ultra_shareware/ultra_crypto_component 2.0.2007.801

Published Sep 17, 2007

Tracked Since Feb 18, 2026