{"api_version":"1","generated_at":"2026-04-26T12:10:42+00:00","cve":"CVE-2008-6496","urls":{"html":"https://cve.report/CVE-2008-6496","api":"https://cve.report/api/cve/CVE-2008-6496.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-6496","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-6496"},"summary":{"title":"CVE-2008-6496","description":"Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-03-20 00:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:C/A:C","baseScore":8.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://www.exploit-db.com/exploits/7358","name":"https://www.exploit-db.com/exploits/7358","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Visagesoft eXPert PDF EditorX - 'VSPDFEditorX.ocx' Insecure Method - Windows dos Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47166","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47166","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/32664","name":"http://www.securityfocus.com/bid/32664","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/32990","name":"http://secunia.com/advisories/32990","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"eXPert PDF EditorX ActiveX Control \"extractPagesToFile()\" Insecure Method - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-6496","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6496","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"6496","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"visagesoft","cpe5":"expert_pdf_editorx","cpe6":"1.0.200.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T11:34:46.888Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"7358","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/7358"},{"name":"32990","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32990"},{"name":"expertpdfeditorx-activex-file-overwrite(47166)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47166"},{"name":"32664","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/32664"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-12-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"7358","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/7358"},{"name":"32990","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32990"},{"name":"expertpdfeditorx-activex-file-overwrite(47166)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47166"},{"name":"32664","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/32664"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-6496","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"7358","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/7358"},{"name":"32990","refsource":"SECUNIA","url":"http://secunia.com/advisories/32990"},{"name":"expertpdfeditorx-activex-file-overwrite(47166)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47166"},{"name":"32664","refsource":"BID","url":"http://www.securityfocus.com/bid/32664"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-6496","datePublished":"2009-03-20T00:00:00.000Z","dateReserved":"2009-03-19T00:00:00.000Z","dateUpdated":"2024-08-07T11:34:46.888Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-20 00:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:C/A:C","baseScore":8.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:visagesoft:expert_pdf_editorx:1.0.200.0:*:*:*:*:*:*:*","matchCriteriaId":"D2266812-D642-4BDB-B52E-EC244704617F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"6496","Ordinal":"1","Title":"CVE-2008-6496","CVE":"CVE-2008-6496","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"6496","Ordinal":"1","NoteData":"Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.","Type":"Description","Title":"CVE-2008-6496"},{"CveYear":"2008","CveId":"6496","Ordinal":"2","NoteData":"2009-03-19","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"6496","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}