Intrusion Prevention

MS.Rich.Textbox.Control.SaveFile.Arbitrary.File.Overwrite

Description

This indicates an attempt to exploit a file overwriting vulnerability in Microsoft Rich Textbox Control ActiveX control.
The vulnerability is due to lack of path verification in the control's method SaveFile. A remote attacker can exploit this vulnerability via a specially crafted web page to create or modify arbitrary files on the target system.

Affected Products

Microsoft Rich TextBox Control 6.0

Impact

System Compromise.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2008-0237