CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4493

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile27.39th
Published2008年10月8日
Last Modified2026年4月23日

Vulnerability Description

Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.

Affected Platforms (CPE)

📦
Microsoft

Digital Image

= 2006

References & Advisories

🔗 http://securityreason.com/securityalert/4376
🔗 http://www.securityfocus.com/bid/31632
🔗 http://www.securitytracker.com/id?1021018
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/45735
🔗 https://www.exploit-db.com/exploits/6699
🔗 http://securityreason.com/securityalert/4376
🔗 http://www.securityfocus.com/bid/31632
🔗 http://www.securitytracker.com/id?1021018

相关漏洞威胁

CVE-2020-283329.8

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4...

CVE-2017-30899.8

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Su...

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...