Lucene search

[email protected]NVD:CVE-2008-3879

HistorySep 02, 2008 - 3:41 p.m.

CVE-2008-3879

2008-09-0215:41:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.094

Percentile

94.7%

JSON

The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

Affected configurations

Nvd

Node

ultrasharewareultra_office_controlRange≤2.0.2008.801

VendorProductVersionCPE
ultrasharewareultra_office_control*cpe:2.3:a:ultrashareware:ultra_office_control:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ultrashareware	ultra_office_control	*	cpe:2.3:a:ultrashareware:ultra_office_control::::::::

References

secunia.com/advisories/31632

securityreason.com/securityalert/4201

www.securityfocus.com/bid/30863

www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php

www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html

exchange.xforce.ibmcloud.com/vulnerabilities/44750

www.exploit-db.com/exploits/6319

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.094

Percentile

94.7%

JSON

Related for NVD:CVE-2008-3879

prion1 exploitdb1 cve1 cvelist1