Unsafe ActiveX Control Marked Safe For Scripting

CVE-2014-2368

High

7.5/10

Summary

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

References

Advisory Timeline

Published Jul 19, 2014

Unsafe ActiveX Control Marked Safe For Scripting

CVE-2014-2368

Summary

CWE-623 - Unsafe ActiveX Control Marked Safe For Scripting

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS