Vulnerabilities > CVE-2007-3983 - Directory Traversal vulnerability in Datadynamics Activereports 2.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
datadynamics
exploit available
NVD
Published: 2007-07-25
Updated: 2017-07-29

Summary

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Datadynamics
1

Exploit-Db

descriptionData Dynamics ActiveReport ActiveX (actrpt2.dll <= 2.5) Inscure Method. CVE-2007-3982,CVE-2007-3983. Remote exploit for windows platform
fileexploits/windows/remote/4208.html
idEDB-ID:4208
last seen2016-01-31
modified2007-07-21
platformwindows
port
published2007-07-21
reportershinnai
sourcehttps://www.exploit-db.com/download/4208/
titleData Dynamics ActiveReport ActiveX actrpt2.dll <= 2.5 Inscure Method
typeremote

References