CVE-2007-4067 : Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX cont

Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.

Published 2007-07-30 17:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2007-4067

Clever Components » Internet Activex Suite
Versions up to, including, (<=) 6.2
cpe:2.3:a:clever_components:internet_activex_suite:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-4067

EPSS FAQ

5.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-4067

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-4067

http://secunia.com/advisories/26213

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35590
http://www.securityfocus.com/bid/25063

Exploit
http://www.vupen.com/english/advisories/2007/2659
http://www.attrition.org/pipermail/vim/2007-July/001729.html

[VIM] Remote File Inclusion: it's not just for PHP anymore
Exploit;Patch
https://www.exploit-db.com/exploits/4226

Jump to

Vulnerability Details : CVE-2007-4067

Products affected by CVE-2007-4067

Exploit prediction scoring system (EPSS) score for CVE-2007-4067

CVSS scores for CVE-2007-4067

References for CVE-2007-4067