Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License ManagerID: oval:org.secpod.oval:def:4170 | Date: (C)2012-02-23 (M)2021-06-06 |
Class: VULNERABILITY | Family: windows |
The host is installed with Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 and is prone to absolute path traversal vulnerability. A flaw is present in the application, which fails to properly handle ActiveX control in almaxcx.dll in the graphical user interface. Successful exploitation allows remote attackers to overwrite arbitrary files via the Save method.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Siemens Automation License Manager |