CVE-2008-3957

Exploit

EPSS 34.45%
Published 11.09.2008 01:13:47
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Image Acquisition Logger

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	34.45%	0.969

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/31069

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/31069

https://exchange.xforce.ibmcloud.com/vulnerabilities/45015

https://nvd.nist.gov/vuln/detail/CVE-2008-3957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3957

EUVD