Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4493


Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4493
Last Modified 29 Jan 2009 01:56:35
Published 08 Oct 2008 06:00:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Vulnerable Systems


  • Microsoft Digital Image 2006


XF - picturepusher-activex-file-upload(45735)

SECTRACK - 1021018

BID - 31632

MILW0RM - 6699

SREASON - 4376

Last Updated: 27 May 2016 10:48:31