Vulnerability Description
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uusee | Uusee | 4.0.0.32_2008 |
| Uusee | Uuupgrade.Ocx | 3.0.2.12 |
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/29963.htmlExploit
- http://www.securityfocus.com/bid/29963Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43428
- http://downloads.securityfocus.com/vulnerabilities/exploits/29963.htmlExploit
- http://www.securityfocus.com/bid/29963Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43428
FAQ
What is CVE-2008-7168?
CVE-2008-7168 is a vulnerability with a CVSS score of 9.3 (HIGH). Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to th...
How severe is CVE-2008-7168?
CVE-2008-7168 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7168?
Check the references section above for vendor advisories and patch information. Affected products include: Uusee Uusee, Uusee Uuupgrade.Ocx.