CVE-2007-5219

Cyberlink Powerdvd - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · htmldoswindows

https://www.exploit-db.com/exploits/4479

View Code ZIP pw:eip

References (7)

[Exploit] http://www.securityfocus.com/bid/25888

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36902

[Vendor Advisory] http://secunia.com/advisories/27039

[Third Party Advisory, VDB Entry] http://osvdb.org/37725

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4479

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018758

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3328

Scores

EPSS 0.0628

EPSS Percentile 91.0%

Details

CWE

CWE-22

Status published

Products (1)

cyberlink/powerdvd 7.0

Published Oct 05, 2007

Tracked Since Feb 18, 2026