CVE-2007-5320
Pegasus Imaging ImagXpress 8.0 - Path Traversal via CacheFile and CompactFile Attributes
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5320. PoCs published by shinnai.
AI-analyzed exploit summary: This exploit leverages an insecure method in the Pegasus Imaging ImagXpress 8.0 ActiveX control to overwrite arbitrary files on the target system. The `CompactFile()` method is abused to overwrite a critical file (e.g., `cmd.exe`) with another file, leading to potential system compromise.
Description
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
Exploits (1)
This exploit leverages an insecure method in the Pegasus Imaging ImagXpress 8.0 ActiveX control to overwrite arbitrary files on the target system. The `CompactFile()` method is abused to overwrite a critical file (e.g., `cmd.exe`) with another file, leading to potential system compromise.