A vulnerability has been discovered in the Synactis ALL In-The-Box ActiveX control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the All_In_The_Box.AllBox ActiveX control (All_In_The_Box.ocx) providing the insecure "SaveDoc()" method. This can be exploited to overwrite arbitrary files on the system via a filename terminated by a NULL byte.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in All_In_The_Box.ocx version 3.1.2.0. Other versions may also be affected.
Comments