Vulnerability Details : CVE-2008-0492
Public exploit exists!
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2008-0492
Probability of exploitation activity in the next 30 days: 90.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-0492
-
Persits XUpload ActiveX AddFile Buffer Overflow
Disclosure Date: 2008-01-25First seen: 2020-04-26exploit/windows/browser/hp_loadrunner_addfileThis module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) thats included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code. Au
CVSS scores for CVE-2008-0492
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-0492
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0492
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39967
-
http://www.securityfocus.com/bid/27456
Persits Software XUpload 'AddFile()' Method ActiveX Control Remote Buffer Overflow VulnerabilityExploit
-
http://www.vupen.com/english/advisories/2008/0315
-
https://www.exploit-db.com/exploits/4987
Persits XUpload 3.0 - 'AddFile()' Remote Buffer Overflow - Windows remote Exploit
Products affected by CVE-2008-0492
- cpe:2.3:a:persits:xupload:3.0:*:*:*:*:*:*:*