← back
CVE-2007-4983

CVE-2007-4983

EPSS 47.3%
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4427unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/37737http://secunia.com/advisories/26787https://exchange.xforce.ibmcloud.com/vulnerabilities/36693https://www.exploit-db.com/exploits/4427http://www.securityfocus.com/bid/25723http://www.securitytracker.com/id?1018716http://www.vupen.com/english/advisories/2007/3196