Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 1

Remote code execution in UUSee UUUpgrade.ocx ActiveX control
CVE-2008-7168

Unsafe ActiveX method

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of arguments passed to the "Update()"  method in UUUpgrade.ocx ActiveX control. A remote attacker can trick the victim to visit a specially crafted website and upload malicious file into arbitrary location on victim's computer.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability was being actively exploited in the wild.
Not patched
i

The vulnerability exploitation was detected in the wild by Symantec team via Honeypot Analysis.

Software: UUSee UUUpgrade ActiveX control

The vulnerability exploitation was detected in the wild by Symantec team via Honeypot Analysis.