CVE-2008-6496

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

20/03/2009

Last modified:

29/09/2017

Description

Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:N/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 8.80 HIGH
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): Complete
Availability (A): Complete