返回 CVE 瀏覽器

CVE-2007-4982

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0910%

EPSS Percentile35.52th

Published2007年9月19日

Last Modified2026年4月23日

Vulnerability Description

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Mw6 Technologies

Qrcode Activex

<= 3.0.0.1

References & Advisories

🔗 http://osvdb.org/37914

🔗 http://osvdb.org/37915

🔗 http://secunia.com/advisories/26836

🔗 http://www.securityfocus.com/bid/25702

🔗 http://www.shinnai.altervista.org/exploits/OREurGhGgAtlCT8J2jSY.html

🔗 http://www.vupen.com/english/advisories/2007/3195

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36666

🔗 https://www.exploit-db.com/exploits/4420

相關漏洞威脅

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-195910.0

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vector...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.