Vulnonym.org

CVE-2008-2511 - Kayoed Gaskets

Description

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.

Reference

http://retrogod.altervista.org/9sg_CA_poc.html http://www.securitytracker.com/id?1020129 http://secunia.com/advisories/30420 http://www.vupen.com/english/advisories/2008/1696/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42712 https://www.exploit-db.com/exploits/5682 http://www.securityfocus.com/archive/1/492679/100/0/threaded