• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control Arbitrary File Overwrite Vulnerability

Data Dynamics ActiveReports ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

This issue affect Data Dynamics ActiveReports 2.5 and prior versions.