CVE-2008-7168
published 2009-09-08

Priority: P2 · 69 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 5.65% (92.0th percentile)

Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.

Affected

2 ranges

Vendor   Product          Version range   Fixed in
uusee    uusee
uusee    uuupgrade.ocx

Detection & IOCs (extracted from sources)

filename: UUUpgrade.ocx
path: \Program Files\Common Files\uusee\
command: target.Update arg1 ,arg2 ,arg3 ,arg4
  • Monitor for ActiveX instantiation of UUUpgrade.ocx (version 3.0.2.12) in browser processes, particularly invocation of the 'Update' method with remote URL arguments.
  • Alert on file writes to '\Program Files\Common Files\uusee\' originating from browser or ActiveX host processes, which may indicate exploitation delivering a malicious payload.
  • Look for HTTP requests to paths matching the pattern '/mini3/uusee_client_update/remark.php' as this URL pattern was used in the wild exploitation to stage the update callback.
  • This vulnerability was actively exploited in the wild in June 2009; prioritize detection on systems with UUSee 2008 installed.
  • The URLs in the exploit PoC (example.com / example2.com) are placeholder demonstration values substituted for the real attacker infrastructure; actual malicious URLs observed in the wild will differ.
  • While UUSee 2008 with UUUpgrade.ocx 3.0.2.12 is the confirmed vulnerable version, other versions may also be affected.
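
The file-write and HTTP-path checks from the bullets above, as an added example (not code from this page or its sources). It assumes file-create events arrive as dicts with hypothetical `image` and `target` fields, treats `iexplore.exe` as the ActiveX host process, and runs on constructed sample telemetry.

```python
import ntpath
from urllib.parse import urlsplit

# Values taken from the page: drop directory and staging URL path.
UUSEE_DIR = r"\program files\common files\uusee"
STAGING_PATH = "/mini3/uusee_client_update/remark.php"
# Assumption: processes treated as browser / ActiveX hosts in this environment.
ACTIVEX_HOSTS = {"iexplore.exe"}

def under_uusee_dir(target):
    """True if a Windows path resolves inside the UUSee common directory."""
    # normpath collapses '..' segments so a traversal cannot hide the real parent.
    _drive, rest = ntpath.splitdrive(ntpath.normpath(target))
    rest = rest.lower()
    return rest == UUSEE_DIR or rest.startswith(UUSEE_DIR + "\\")

def suspicious_file_write(event):
    """event['image'] is the writing process, event['target'] the file written."""
    host = ntpath.basename(event["image"]).lower()
    return host in ACTIVEX_HOSTS and under_uusee_dir(event["target"])

def suspicious_request(url):
    """True if the URL path ends with the staging pattern, on any host."""
    return urlsplit(url).path.lower().rstrip("/").endswith(STAGING_PATH)

def triage(file_events, urls):
    """Return (rule, value) pairs for every event that matches a rule."""
    hits = [("file_write", e["target"]) for e in file_events
            if suspicious_file_write(e)]
    hits += [("http_request", u) for u in urls if suspicious_request(u)]
    return hits

# Constructed sample telemetry, not real observations.
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_FILE_EVENTS = [
    {"image": IE, "target": r"C:\Program Files\Common Files\uusee\update.exe"},
    {"image": IE.upper(),  # case variation plus a '..' segment
     "target": r"C:\Program Files\Common Files\UUSee\tmp\..\a.dll"},
    {"image": r"C:\Windows\System32\msiexec.exe",  # not a browser host
     "target": r"C:\Program Files\Common Files\uusee\UUUpgrade.ocx"},
    {"image": IE,  # sibling directory that only shares a prefix
     "target": r"C:\Program Files\Common Files\uusee2\note.txt"},
]
SAMPLE_URLS = [
    "http://example.com/mini3/uusee_client_update/remark.php?id=1",
    "http://example.com/mini3/index.html",
]

if __name__ == "__main__":
    for rule, value in triage(SAMPLE_FILE_EVENTS, SAMPLE_URLS):
        print(rule, value)
```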

CVSS provenance

nvd        v2.0   9.3   CRITICAL   AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck         9.3   CRITICAL