CVE-2004-1610

Properties

Published: 17.10.2004
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: Best Software: SalesLogix

Vulnerability description

SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=109811852218478&w=2