Strike ID:
E10-6bz02
CVSS:
5.7 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
False Positive:
t
Variants:
1
Year:
2010

Description

This strike exploits a file deletion vulnerability within Novell iPrint Clients ActiveX control. If the CleanupUploadFiles method is called it deletes the files in the ziPFilePath parameter without any validation of the parameter. In this attack the folder named removeme will be deleted from C:\.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}