Published: 11/09/2008 Updated: 08/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The Microsoft Windows Image Acquisition Logger ActiveX control allows remote malicious users to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows image acquisition logger

source: wwwsecurityfocuscom/bid/31069/info Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content The issue occurs because the control fails to sanitize user-supplied input An attacker can exploit this issue to overwrite file ...

source: wwwsecurityfocuscom/bid/31069/info Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content The issue occurs because the control fails to sanitize user-supplied input An attacker can exploit this issue to overwrite fi ...

CWE-20 http://www.securityfocus.com/data/vulnerabilities/exploits/31069 http://www.securityfocus.com/bid/31069 https://exchange.xforce.ibmcloud.com/vulnerabilities/45015 https://nvd.nist.gov https://www.exploit-db.com/exploits/32344/

CVE-2008-3957

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect