CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4982

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0910%
EPSS Percentile35.52th
PublishedSep 19, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Mw6 Technologies

Qrcode Activex

<= 3.0.0.1

References & Advisories

πŸ”— http://osvdb.org/37914
πŸ”— http://osvdb.org/37915
πŸ”— http://secunia.com/advisories/26836
πŸ”— http://www.securityfocus.com/bid/25702
πŸ”— http://www.shinnai.altervista.org/exploits/OREurGhGgAtlCT8J2jSY.html
πŸ”— http://www.vupen.com/english/advisories/2007/3195
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/36666
πŸ”— https://www.exploit-db.com/exploits/4420

Related Vulnerabilities

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...