Intrusion Prevention

Data.Dynamics.ActiveReports.ActiveX.Control.SaveLayout.Access

Description

This indicates a vulnerability in Data Dynamics ActiveReports ActiveX Control. The vulnerability is caused by a failure to check the argument of the "SaveLayout()" method in arpro2.dll. It allows remote attackers to overwrite an arbitrary file via the SaveLayout function.

Affected Products

Data Dynamics ActiveReport ActiveX Control 2.5

Impact

System compromise.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2007-3982