Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7168

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-7168
Last Modified 09 Sep 2009 12:00:00
Published 08 Sep 2009 06:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7168

Summary

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

Vulnerable Systems

Application

  • Uusee 4.0.0.32 2008

  • Uusee Uuupgrade.ocx 3.0.2.12


References

XF - uusee-uuupgrade-update-file-overwrite(43428)

BID - 29963

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html


Last Updated: 27 May 2016 10:49:29