Lucene search

[email protected]CVE-2008-7168

HistorySep 08, 2009 - 10:30 a.m.

CVE-2008-7168

2009-09-0810:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

vulnerability

uusee

uuupgrade

activex

remote attackers

file overwrite

exploit

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.3%

JSON

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

CPENameOperatorVersion
uusee:uuseeuuseeeq4.0.0.32_2008
uusee:uuupgrade.ocxuusee uuupgrade.ocxeq3.0.2.12

CPE	Name	Operator	Version
uusee:uusee	uusee	eq	4.0.0.32_2008
uusee:uuupgrade.ocx	uusee uuupgrade.ocx	eq	3.0.2.12

References

downloads.securityfocus.com/vulnerabilities/exploits/29963.html

www.securityfocus.com/bid/29963

exchange.xforce.ibmcloud.com/vulnerabilities/43428

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2008-7168

prion1 cvelist1