CVE-2008-0492 : Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.

Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.

Published 2008-01-30 22:00:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2008-0492

Persits » Xupload » Version: 3.0
cpe:2.3:a:persits:xupload:3.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-0492

EPSS FAQ

66.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2008-0492

Persits XUpload ActiveX AddFile Buffer Overflow

Disclosure Date: 2008-01-25

First seen: 2020-04-26

exploit/windows/browser/hp_loadrunner_addfile

This module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) thats included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code. Au

More information

CVSS scores for CVE-2008-0492

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-0492

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-0492

https://exchange.xforce.ibmcloud.com/vulnerabilities/39967
http://www.securityfocus.com/bid/27456

Persits Software XUpload 'AddFile()' Method ActiveX Control Remote Buffer Overflow Vulnerability
Exploit
http://www.vupen.com/english/advisories/2008/0315
https://www.exploit-db.com/exploits/4987

Persits XUpload 3.0 - 'AddFile()' Remote Buffer Overflow - Windows remote Exploit
http://secunia.com/advisories/28660

Vendor Advisory

Jump to