CVE-2007-4983
published 2007-09-19CVE-2007-4983: Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to…
PriorityP354critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
47.26%
98.7th percentile
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cowon_america | jetaudio | — | — |
| cowon_america | jetaudio | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/37737http://secunia.com/advisories/26787http://www.securityfocus.com/bid/25723http://www.securitytracker.com/id?1018716http://www.vupen.com/english/advisories/2007/3196https://exchange.xforce.ibmcloud.com/vulnerabilities/36693https://www.exploit-db.com/exploits/4427http://osvdb.org/37737http://secunia.com/advisories/26787http://www.securityfocus.com/bid/25723http://www.securitytracker.com/id?1018716http://www.vupen.com/english/advisories/2007/3196https://exchange.xforce.ibmcloud.com/vulnerabilities/36693https://www.exploit-db.com/exploits/4427
2007-09-19
Published