CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4493

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile27.39th
PublishedOct 8, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Digital Image

= 2006

References & Advisories

πŸ”— http://securityreason.com/securityalert/4376
πŸ”— http://www.securityfocus.com/bid/31632
πŸ”— http://www.securitytracker.com/id?1021018
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/45735
πŸ”— https://www.exploit-db.com/exploits/6699
πŸ”— http://securityreason.com/securityalert/4376
πŸ”— http://www.securityfocus.com/bid/31632
πŸ”— http://www.securitytracker.com/id?1021018

Related Vulnerabilities

CVE-2020-283329.8

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4...

CVE-2017-30899.8

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Su...

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...