KEVIntel
PRO Back to KEVs
9.3
CVSS
High

CVE-2008-7168

PUBLISHED

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and...

Not yet in CISA KEV

Exploited in the wild Remote
Vendor
UUSee
Product
UUUpgrade ActiveX control
Published
Sep 08, 2009
EPSS

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

CVSS Scores

CVSS v2.0 9.3 High

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitation Status

Exploited in the wild

Recorded 2009-09-08 10:00:00 UTC · CVE

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2009-09-08 10:00 UTC

Timeline

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved