Vulnerability Description
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Digital Image | 2006 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/4376
- http://www.securityfocus.com/bid/31632Exploit
- http://www.securitytracker.com/id?1021018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45735
- https://www.exploit-db.com/exploits/6699
- http://securityreason.com/securityalert/4376
- http://www.securityfocus.com/bid/31632Exploit
- http://www.securitytracker.com/id?1021018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45735
- https://www.exploit-db.com/exploits/6699
FAQ
What is CVE-2008-4493?
CVE-2008-4493 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the A...
How severe is CVE-2008-4493?
CVE-2008-4493 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4493?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Digital Image.