1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Pegasus ImagXpress ActiveX File Overwrite

HTTP Pegasus ImagXpress ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a file overwrite vulnerability by passing special arguments into a method of Pegasus Imaging ImagXpress ActiveX control.

Additional Information

Pegasus Imaging ImagXpress is a set of ActiveX components that provide image manipulation and display functionality for developers of applications.

The ActiveX control is prone to an arbitrary file-overwrite vulnerability.

This issue resides in the 'CompactFile()' method in the ActiveX control with CLSID: 6277B638-833D-4315-9D78-60FC451DAF07.

The vulnerable method is used to compress files on the local hard drive. It contains no safeguards to protect existing files from being overwritten during its operation.

An attacker can exploit this issue to overwrite arbitrary local files. This may aid in further attacks.

This issue affects Pegasus Imaging ImagXpress 8.0; other versions may also be vulnerable.

Affected

  • Pegasus Imaging Corporation. ImagXpress 8.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube