Test ID:	1.3.6.1.4.1.25623.1.0.900208
Category:	Denial of Service
Title:	Ultra Office ActiveX Control Multiple Vulnerabilities
Summary:	Ultra Office Control is prone to multiple vulnerabilities.
Description:	Summary: Ultra Office Control is prone to multiple vulnerabilities. Vulnerability Insight: Error exists when handling parameters received by the HttpUpload() and Save() methods in OfficeCtrl.ocx file. Vulnerability Impact: Successful exploitation will allow execution of arbitrary code, stack-based buffer overflow, can overwrite arbitrary files on the vulnerable system by tricking a user into visiting a malicious website. Affected Software/OS: Ultra Office Control 2.x and prior versions on Windows (All). Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3878 BugTraq ID: 30861 http://www.securityfocus.com/bid/30861 https://www.exploit-db.com/exploits/6318 http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219826651.ff.php http://www.shinnai.net/xplits/TXT_RvfuIrwypWLMaiVn33Iy.html http://secunia.com/advisories/31632 http://securityreason.com/securityalert/4200 XForce ISS Database: uoc-ultraofficecontrol-bo(44749) https://exchange.xforce.ibmcloud.com/vulnerabilities/44749
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.