Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4493

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4493
Last Modified 29 Jan 2009 01:56:35
Published 08 Oct 2008 06:00:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4493

Summary

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Vulnerable Systems

Application

  • Microsoft Digital Image 2006


References

XF - picturepusher-activex-file-upload(45735)

SECTRACK - 1021018

BID - 31632

MILW0RM - 6699

SREASON - 4376


Last Updated: 27 May 2016 10:48:31