{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29963", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29963"}, {"tags": ["x_refsource_MISC"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html"}, {"name": "uusee-uuupgrade-update-file-overwrite(43428)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43428"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7168", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29963", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29963"}, {"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html"}, {"name": "uusee-uuupgrade-update-file-overwrite(43428)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43428"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:56:14.394Z"}, "title": "CVE Program Container", "references": [{"name": "29963", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29963"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html"}, {"name": "uusee-uuupgrade-update-file-overwrite(43428)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43428"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7168", "datePublished": "2009-09-08T10:00:00", "dateReserved": "2009-09-07T00:00:00", "dateUpdated": "2024-08-07T11:56:14.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uusee:uusee:4.0.0.32_2008:*:*:*:*:*:*:*", "matchCriteriaId": "71CE4A8E-ED35-4431-9AB3-315CD591F393", "vulnerable": true}, {"criteria": "cpe:2.3:a:uusee:uuupgrade.ocx:3.0.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "4688E322-FFD2-47E0-8B64-A9BEB504A8CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009."}, {"lang": "es", "value": "Vulnerabilidad de m\u00e9todo inseguro en el control UUSee UUUpgrade ActiveX (UUUpgrade.ocx v3.0.2.12) permite a atacantes remotos forzar la descarga y sobreescritura de archivos a trav\u00e9s de argumentos manipulados en el m\u00e9todo Update, como se ha explotado p\u00fablicamente en Junio 2009."}], "id": "CVE-2008-7168", "lastModified": "2017-08-17T01:29:52.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-09-08T10:30:01.327", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/29963.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29963"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43428"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}