Vulnerabilities > CVE-2007-2266 - Unspecified vulnerability in Progress Webspeed Messenger

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

progress

critical

NVD

Published: 2007-04-25

Updated: 2018-10-16

Summary

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Webspeed Messenger *	1

References

http://secunia.com/advisories/24988
http://www.ishare.nl/
http://www.securityfocus.com/archive/1/466771/100/0/threaded
http://www.securityfocus.com/archive/1/472574/100/0/threaded
http://www.securityfocus.com/bid/23634