Vulnerabilities > CVE-2008-7168 - Unspecified vulnerability in Uusee and Uuupgrade.Ocx

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
uusee
critical
exploit available

Summary

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

Vulnerable Configurations

Part Description Count
Application
Uusee
2

Exploit-Db

descriptionUUSee 2008 UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability. CVE-2008-7168. Remote exploit for windows platform
idEDB-ID:31980
last seen2016-02-03
modified2008-06-26
published2008-06-26
reporterSymantec
sourcehttps://www.exploit-db.com/download/31980/
titleUUSee 2008 UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability