CVE-2009-0465 - Vulnerability Details - OpenCVE

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synactis	All In The Box.ocx

Configuration 1 [-]

cpe:2.3:a:synactis:all_in_the_box.ocx:3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/51693
http://secunia.com/advisories/33728
http://www.dsecrg.com/pages/vul/show.php?id=62
http://www.securityfocus.com/bid/33535
http://www.vupen.com/english/advisories/2009/0298
https://www.exploit-db.com/exploits/7928

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-06T01:00:00

Updated: 2024-08-07T04:31:26.282Z

Reserved: 2009-02-05T00:00:00

Link: CVE-2009-0465

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-10T07:00:24.530

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0465

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-30T00:00:00", "descriptions": [{"lang": "en", "value": "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33535", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33535"}, {"name": "51693", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51693"}, {"tags": ["x_refsource_MISC"], "url": "http://www.dsecrg.com/pages/vul/show.php?id=62"}, {"name": "ADV-2009-0298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0298"}, {"name": "33728", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33728"}, {"name": "7928", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7928"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33535", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33535"}, {"name": "51693", "refsource": "OSVDB", "url": "http://osvdb.org/51693"}, {"name": "http://www.dsecrg.com/pages/vul/show.php?id=62", "refsource": "MISC", "url": "http://www.dsecrg.com/pages/vul/show.php?id=62"}, {"name": "ADV-2009-0298", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0298"}, {"name": "33728", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33728"}, {"name": "7928", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7928"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:26.282Z"}, "title": "CVE Program Container", "references": [{"name": "33535", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33535"}, {"name": "51693", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/51693"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.dsecrg.com/pages/vul/show.php?id=62"}, {"name": "ADV-2009-0298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0298"}, {"name": "33728", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33728"}, {"name": "7928", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7928"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0465", "datePublished": "2009-02-06T01:00:00", "dateReserved": "2009-02-05T00:00:00", "dateUpdated": "2024-08-07T04:31:26.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synactis:all_in_the_box.ocx:3:*:*:*:*:*:*:*", "matchCriteriaId": "6632DAA2-39AF-4B87-90C3-9360DF3651F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument."}, {"lang": "es", "value": "El m\u00e9todo SaveDoc en el control ActiveX the All_In_The_Box.AllBox en ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3, permite a atacantes remotos crear y sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un argumento con un car\u00e1cter final '\\0', lo que evita los nombres de archivo con extensiones .box, como se ha demostrado con el argumento C:\\boot.ini\\0."}], "id": "CVE-2009-0465", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-10T07:00:24.530", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/51693"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33728"}, {"source": "cve@mitre.org", "url": "http://www.dsecrg.com/pages/vul/show.php?id=62"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33535"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0298"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33728"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.dsecrg.com/pages/vul/show.php?id=62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7928"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}