PT-2008-5213 · Unknown · Ultra Office Control
Shinnai
·
Published
2008-09-02
·
Updated
2024-02-14
·
CVE-2008-3878
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ultra Office Control version 2.0.2008.801
Description
The issue is a stack-based buffer overflow in the Ultra.OfficeControl ActiveX control. This occurs when the
strUrl, strFile, and strPostData parameters to the HttpUpload() method are overly long, allowing remote attackers to execute arbitrary code.Recommendations
For Ultra Office Control version 2.0.2008.801, consider disabling the
HttpUpload() method until a patch is available to prevent exploitation. Restrict access to the Ultra.OfficeControl ActiveX control to minimize the risk of arbitrary code execution. Avoid using the strUrl, strFile, and strPostData parameters in the HttpUpload() method until the issue is resolved.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ultra Office Control