Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

Bugtraq ID:	30863
Class:	Input Validation Error
CVE:	CVE-2008-3879
Remote:	Yes
Local:	No
Published:	Aug 27 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Shinnai
Vulnerable:	Ultra Shareware Ultra Office Control 2.0.2008.501
Not Vulnerable:

Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into viewing a malicious web page.

The following example exploit code is available:

• /data/vulnerabilities/exploits/30863.html

Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Ultra Office ActiveX Control Remote Arbitrary File Corruption (Shinnai)
  
• Ultra Office Control Homepage (Ultra Shareware)