| Name | Pegasus.Imaging.ImagXpress.ActiveX.File.Delete |
| Release Date | Jan 05, 2010 |
| Severity | Medium |
| Impact | System Compromise: Remote attackers can delete arbitrary files in vulnerable systems. |
| Description | This indicates an attempt to exploit a file-deleting vulnerability in Pegasus Imaging ImagXpress.
The vulnerability is located in the "PegasusImaging.ActiveX.ThumnailXpress1.dll" ActiveX control. It may allow remote attackers to delete arbitrary files in vulnerable systems via a malicious argument to the "CacheFile" method. |
| Affected Products | Pegasus Imaging Corporation. ImagXpress 8.0 |
| Recommended Actions | Set the kill bit for the following Class ID:
{6277B638-833D-4315-9D78-60FC451DAF07} |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5320
|
| Reference/s | http://www.securityfocus.com/bid/25948 (BugTraq)
|