CVE-2008-3879 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2008-3879?

CVE-2008-3879 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3879?

Check the references section above for vendor advisories and patch information. Affected products include: Ultrashareware Ultra Office Control.

Vulnerability Description

The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Ultrashareware	Ultra Office Control	<= 2.0.2008.801

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2008-3879?

CVE-2008-3879 is a vulnerability with a CVSS score of 9.3 (HIGH). The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a clien...

How severe is CVE-2008-3879?

CVE-2008-3879 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3879?

Check the references section above for vendor advisories and patch information. Affected products include: Ultrashareware Ultra Office Control.