CVE-2009-1743

Published: 21/05/2009 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote malicious users to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.
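The check an extractor needs before writing each archive entry, shown as an added example (not code from the vendor or from the proof of concept listed below). It does not parse the .hfz format; it only validates entry names under Windows path rules, and the extraction root, function names and sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

class UnsafeEntryName(ValueError):
    """Raised when an archive entry name would escape the extraction root."""

def resolve_entry(dest_root: str, entry_name: str) -> str:
    """Return the absolute path for entry_name under dest_root, or raise."""
    # Windows accepts '/' as a separator too, so fold it before any check.
    name = entry_name.replace("/", "\\")
    if not name or "\x00" in name:
        raise UnsafeEntryName("empty name or embedded NUL")
    # ':' covers drive letters (C:\x, C:x) and NTFS alternate data streams.
    if ":" in name or name.startswith("\\"):
        raise UnsafeEntryName("drive, stream, absolute or UNC name")
    for part in name.split("\\"):
        # Catches '..' and '.', plus empty and dot/space-only components
        # (a conservative choice for names an installer should never need).
        if part.rstrip(". ") == "":
            raise UnsafeEntryName(f"unsafe path component {part!r}")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, name))
    # Defence in depth: the final path must still sit under the root.
    common = ntpath.commonpath([root, target])
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise UnsafeEntryName("resolved path leaves the extraction root")
    return target

def audit(dest_root, names):
    """Map each entry name to its resolved path or to a rejection reason."""
    report = {}
    for n in names:
        try:
            report[n] = resolve_entry(dest_root, n)
        except UnsafeEntryName as exc:
            report[n] = f"REJECTED: {exc}"
    return report

# Constructed sample: extraction root and entry names are illustrative only.
ROOT = r"C:\Effects\Installed"
SAMPLE = [r"pack\wipe01.dat", r"..\..\outside.txt", "pack/../../outside.txt",
          r"C:\Temp\x.dat", r"\\host\share\x.dat", "note.txt:alt"]

if __name__ == "__main__":
    for name, verdict in audit(ROOT, SAMPLE).items():
        print(f"{name!r:30} -> {verdict}")
```

Using `ntpath` rather than `os.path` keeps the backslash handling identical when the check is tested on a non-Windows build host.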

Vulnerable Product

pinnaclesys pinnacle_studio 12

Exploits

<?php /* Pinnacle Studio 12 "Hollywood FX Compressed Archive" (hfz) directory traversal vulnerability poc by Nine:Situations:Group::pyrokinesis Our site: retrogod.altervista.org/ Software site: www.pinnaclesys.com/ Some keys exported from the registry: [HKEY_CLASSES_ROOT\hfz] ...