Published: 10/02/2009 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote malicious users to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

synactis all in the box.ocx 3


Digital Security Research Group [DSecRG] Advisory #DSECRG-09-006 wwwdsecrgcom/pages/vul/showphp?id=62 Application: Synactis All_IN_THE_BOX ActiveX Versions Affected: 3 Vendor URL: synactiscom Bugs: Null byte File overwriting Exploits: ...