Vulnerabilities > CVE-2007-2266 - Unspecified vulnerability in Progress Webspeed Messenger

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

progress

NVD

Published: 2007-04-25

Updated: 2018-10-16

Summary

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Webspeed Messenger *	1

References

http://www.securityfocus.com/bid/23634
http://www.ishare.nl/
http://secunia.com/advisories/24988
http://www.securityfocus.com/archive/1/472574/100/0/threaded
http://www.securityfocus.com/archive/1/466771/100/0/threaded