Summary
This host is running Ultra Office Control, which is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow execution of arbitrary code, stack-based buffer overflow, can overwrite arbitrary files on the vulnerable system by tricking a user into visiting a malicious website.
Impact Level : Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
A workaround is to Set a kill bit for the CLSID {00989888-BB72-4E31-A7C6-5F819C24D2F7}
Insight
Error exists when handling parameters received by the HttpUpload() and Save() methods in OfficeCtrl.ocx file.
Affected
Ultra Office Control 2.x and prior versions on Windows (All).
References
Severity
Classification
-
CVE CVE-2008-3878 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
- Adobe Flash Media Server Memory Corruption Remote Denial of Service Vulnerability
- Adobe Digital Edition Denial of Service Vulnerability (Windows)
- Adobe Reader Denial of Service Vulnerability (May09)
- Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)