CVE-2011-4532

2012-01-08 21:55:01 2012-01-09 06:00:00

Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Apsaly 2.10

Siemens - Automation license manager

Advisory	Patch	Confirmed	Link
			http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-0...
			http://support.automation.siemens.com/WW/view/en/114358
			http://support.automation.siemens.com/WW/llisapi.dll/572...
			http://aluigi.altervista.org/adv/almsrvx_1-adv.txt

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)