CVE-2007-5110

EB Design PTY LTD Ebcrypt - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4453

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/26959

[Exploit] http://shinnai.altervista.org/exploits/txt/TXT_ZzLXiITIfSuVuh1kPHDP.html

[Exploit] http://www.securityfocus.com/bid/25787

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36769

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4453

[Third Party Advisory, VDB Entry] http://osvdb.org/37736

Scores

EPSS 0.0939

EPSS Percentile 92.7%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

eb_design_pty_ltd/ebcrypt

Timeline

Published Sep 26, 2007

Tracked Since Feb 18, 2026