// For flags

CVE-2008-4919

Visagesoft eXPert PDF ViewerX - 'VSPDFViewerX.ocx' File Overwrite

Severity Score

8.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.

Vulnerabilidad de método no seguro en el control ActiveX de VISAGESOFT eXPert PDF Viewer X (VSPDFViewerX.ocx) v3.0.990.0; permite a atacantes remotos sobrescribir ficheros de su elección a través de un nombre de ruta completo al método savePageAsBitmap.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-11-04 CVE Reserved
  • 2008-11-04 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-11-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Visagesoft
Search vendor "Visagesoft"
 Expert Pdf Viewer Activex
Search vendor "Visagesoft" for product "Expert Pdf Viewer Activex"
 3.0.990.0
Search vendor "Visagesoft" for product "Expert Pdf Viewer Activex" and version "3.0.990.0"
-
Affected