OSVDB ID: 70723

Title: Newv SmartClient NewvCommon ActiveX (NewvCommon.ocx) DelFile() Method Arbitrary File Deletion

Info

Disclosure

Jan 10, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Newv SmartClient NewvCommon ActiveX contains a flaw related to the NewvCommon.ocx control. The 'DelFile()' method does not properly handle user-supplied input, which may allow a remote attacker to delete arbitrary files.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Newway Software

Newv SmartClient NewvCommon ActiveX Control

1.1.0.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/70723