Vulnerability CVE-2008-7168


Published: 2009-09-08   Modified: 2012-02-12

Description:
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Uusee -> Uusee 
Uusee -> Uuupgrade.ocx 

 References:
http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html
http://www.securityfocus.com/bid/29963
https://exchange.xforce.ibmcloud.com/vulnerabilities/43428

Copyright 2024, cxsecurity.com

 

Back to Top