PT-2009-2635 · Uusee · Uusee Uuupgrade
Published: 2009-09-08 · Updated: 2017-08-17
CVE-2008-7168
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
UUSee UUUpgrade version 3.0.2.12
Description
The issue is related to an insecure method in the UUSee UUUpgrade ActiveX control. This allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method. The issue has been exploited in the wild.
Recommendations
For version 3.0.2.12, consider disabling the Update method in the UUUpgrade ActiveX control until a patch is available. Restrict access to the UUUpgrade.ocx file to minimize the risk of exploitation.
Exploit
Fix
Related identifiers
Affected products
Uusee Uuupgrade