Lucene search

[email protected]CVE-2008-3879

HistorySep 02, 2008 - 3:41 p.m.

CVE-2008-3879

2008-09-0215:41:00

CWE-20

[email protected]

web.nvd.nist.gov

security

vulnerability

activex

ultra.officecontrol

file download

remote attack

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.094 Low

EPSS

Percentile

94.7%

JSON

The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

Affected configurations

NVD

Node

ultrasharewareultra_office_controlRange≤2.0.2008.801

CPENameOperatorVersion
ultrashareware:ultra_office_controlultrashareware ultra office controlle2.0.2008.801

CPE	Name	Operator	Version
ultrashareware:ultra_office_control	ultrashareware ultra office control	le	2.0.2008.801

References

secunia.com/advisories/31632

securityreason.com/securityalert/4201

www.securityfocus.com/bid/30863

www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php

www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html

exchange.xforce.ibmcloud.com/vulnerabilities/44750

www.exploit-db.com/exploits/6319

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.094 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2008-3879

nvd1 cvelist1 prion1