CVE-2008-7168
published 2009-09-08CVE-2008-7168: Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of…
PriorityP269critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.65%
92.0th percentile
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uusee | uusee | — | — |
| uusee | uuupgrade.ocx | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for ActiveX instantiation of UUUpgrade.ocx (version 3.0.2.12) in browser processes, particularly invocation of the 'Update' method with remote URL arguments. ↗
- →Alert on file writes to '\Program Files\Common Files\uusee\' originating from browser or ActiveX host processes, which may indicate exploitation delivering a malicious payload. ↗
- →Look for HTTP requests to paths matching the pattern '/mini3/uusee_client_update/remark.php' as this URL pattern was used in the wild exploitation to stage the update callback. ↗
- →This vulnerability was actively exploited in the wild in June 2009; prioritize detection on systems with UUSee 2008 installed. ↗
- ·The URLs in the exploit PoC (example.com / example2.com) are placeholder demonstration values substituted for the real attacker infrastructure; actual malicious URLs observed in the wild will differ. ↗
- ·While UUSee 2008 with UUUpgrade.ocx 3.0.2.12 is the confirmed vulnerable version, other versions may also be affected. ↗
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v98p-5p6g-589f: Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade
ghsa_unreviewed·2022-05-17
CVE-2008-7168 [HIGH] GHSA-v98p-5p6g-589f: Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
VulnCheck
UUSee UUUpgrade ActiveX control Remote File Manipulation
vulncheck·2008·CVSS 9.3
CVE-2008-7168 [CRITICAL] UUSee UUUpgrade ActiveX control Remote File Manipulation
UUSee UUUpgrade ActiveX control Remote File Manipulation
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
Affected: uusee uusee
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2008-7168; https://www.cve.org/CVERecord?id=CVE-2008-7168
No detection rules found.
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/29963.htmlhttp://www.securityfocus.com/bid/29963https://exchange.xforce.ibmcloud.com/vulnerabilities/43428http://downloads.securityfocus.com/vulnerabilities/exploits/29963.htmlhttp://www.securityfocus.com/bid/29963https://exchange.xforce.ibmcloud.com/vulnerabilities/43428
2009-09-08
Published
Exploited in the wild