CVE-2007-4982

MW6 Technologies Qrcode Activex < 3.0.0.1 - Path Traversal

Title source: rule

Description

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4420

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25702

[Third Party Advisory, VDB Entry] http://osvdb.org/37915

[Third Party Advisory, VDB Entry] http://osvdb.org/37914

[Vendor Advisory] http://secunia.com/advisories/26836

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36666

[Various Sources] http://www.shinnai.altervista.org/exploits/OREurGhGgAtlCT8J2jSY.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4420

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3195

Scores

EPSS 0.0935

EPSS Percentile 92.8%

Details

CWE

CWE-22

Status published

Products (1)

mw6_technologies/qrcode_activex < 3.0.0.1

Published Sep 19, 2007

Tracked Since Feb 18, 2026