The host is installed with Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 and is prone to absolute path traversal vulnerability. A flaw is present in the application, which fails to properly handle ActiveX control in almaxcx.dll in the graphical user interface. Successful exploitation allows remote attackers to overwrite arbitrary files via the Save method.