Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
|Product:||Ashampoo 3D CAD Professional 3|
|Vendor:||Ashampoo GmbH & Co|
|Vulnerable Versions:||3.0.1 and probably prior|
|Advisory Publication:||June 7, 2011 [without technical details]|
|Vendor Notification:||June 7, 2011|
|Public Disclosure:||June 28, 2011|
|Latest Update:||June 28, 2011|
|Vulnerability Type:||Exposed Unsafe ActiveX Method [CWE-618]|
|CVSSv2 Base Score:||9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Ashampoo 3D CAD Professional 3 ActiveX control which could be exploited to compromise vulnerable system.
|Upgrade to 3.0.2 or later version.|
| High-Tech Bridge Advisory HTB23019 - https://www.immuniweb.com/advisory/HTB23019 - Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method|
 Ashampoo 3D CAD Professional 3 ActiveX control - ashampoo.com – An ActiveX control for Ashampoo 3D CAD Professional.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.