製品・ソフトウェアに関する情報

JVN脆弱性詳細

Pegasus Imaging ImagXpress における絶対パストラバーサルの脆弱性

Title	Pegasus Imaging ImagXpress における絶対パストラバーサルの脆弱性
Summary	Pegasus Imaging ImagXpress には、絶対パストラバーサルの脆弱性が存在します。
Possible impacts	第三者により、以下の影響を受ける可能性があります。 (1) ThumbnailXpres.1 ActiveX コントロール (PegasusImaging.ActiveX.ThumnailXpress1.dll) 内の CacheFile 属性を介して、任意のファイルを削除される (2) CompactFile function in the ImagXpress.8 ActiveX コントロール (PegasusImaging.ActiveX.ImagXpress8.dll) の CompactFile 関数を介して、任意のファイルを上書きされる
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 9, 2007, midnight
Registration Date	Sept. 25, 2012, 4:59 p.m.
Last Update	Sept. 25, 2012, 4:59 p.m.

Affected System

pegasus imaging

imagxpress 8.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5320	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5320
National Vulnerability Database (NVD)
2	CVE-2007-5320	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5320

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
pegasus imaging
1	Imaging ImagXpress	http://www.accusoft.com/tnxpressfaq.htm

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-5320

Summary	Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
Summary	Múltiples vulnerabilidades de salto de directorio absoluto en Pegasus Imaging ImagXpress 8.0 permite a atacantes remotos (1) borrar ficheros de su elección mediante el atributo CacheFile en el control ActiveX ThumbnailXpres.1 (PegasusImaging.ActiveX.ThumnailXpress1.dll) o (2) sobrescribir ficheros de su elección mediante la función CompactFile en el control ActiveX ImagXpress.8 (PegasusImaging.ActiveX.ImagXpress8.dll).
Publication Date	Oct. 10, 2007, 7:17 a.m.
Registration Date	Jan. 29, 2021, 2:21 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pegasus_imaging:imagxpress:8.0:::::::*

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/37959	cve@mitre.org
2	http://osvdb.org/37960	cve@mitre.org
3	http://secunia.com/advisories/27095	cve@mitre.org
4	http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html	cve@mitre.org
5	http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html	cve@mitre.org
6	http://www.securityfocus.com/bid/25948	cve@mitre.org
7	http://www.securityfocus.com/bid/25949	cve@mitre.org
8	http://www.vupen.com/english/advisories/2007/3388	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/37012	cve@mitre.org
10	http://osvdb.org/37959	af854a3a-2127-422b-91ae-364da2661108
11	http://osvdb.org/37960	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/27095	af854a3a-2127-422b-91ae-364da2661108
13	http://shinnai.altervista.org/exploits/txt/TXT_3DQ1nIkI6zmWCek4zP5U.html	af854a3a-2127-422b-91ae-364da2661108
14	http://shinnai.altervista.org/exploits/txt/TXT_wfv7ZG0G6KnQlk1SieLd.html	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/bid/25948	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/25949	af854a3a-2127-422b-91ae-364da2661108
17	http://www.vupen.com/english/advisories/2007/3388	af854a3a-2127-422b-91ae-364da2661108
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/37012	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html