CVE-2008-3957

Exploit

EPSS 34.45%
Veröffentlicht 11.09.2008 01:13:47
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Image Acquisition Logger

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	34.45%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/31069

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/31069

https://exchange.xforce.ibmcloud.com/vulnerabilities/45015

https://nvd.nist.gov/vuln/detail/CVE-2008-3957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3957

EUVD