CVE-2014-8789
FileVista < 6.0.9 - Authenticated Arbitrary File Write via Zip Archive Extraction
Title source: llmDescription
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/87
Various Sources x_refsource_confirm
http://support.gleamtech.com/kb/a10/version-history-of-filevista.aspx
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html
Scores
EPSS
0.0322
EPSS Percentile
86.7%
Details
CWE
CWE-20
Status
published
Products (1)
gleamtech/filevista
< 6.0.9
Published
Dec 02, 2014
Tracked Since
Feb 18, 2026