Vulnerability Details : CVE-2008-0492
Public exploit exists!
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-0492
- cpe:2.3:a:persits:xupload:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0492
66.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-0492
-
Persits XUpload ActiveX AddFile Buffer Overflow
Disclosure Date: 2008-01-25First seen: 2020-04-26exploit/windows/browser/hp_loadrunner_addfileThis module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) thats included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code. Au
CVSS scores for CVE-2008-0492
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-0492
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0492
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39967
-
http://www.securityfocus.com/bid/27456
Persits Software XUpload 'AddFile()' Method ActiveX Control Remote Buffer Overflow VulnerabilityExploit
-
http://www.vupen.com/english/advisories/2008/0315
-
https://www.exploit-db.com/exploits/4987
Persits XUpload 3.0 - 'AddFile()' Remote Buffer Overflow - Windows remote Exploit
-
http://secunia.com/advisories/28660
Vendor Advisory
Jump to