cve/2008/CVE-2008-3879.md

CVE-2008-3879

Description

The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.

POC

Reference

• http://securityreason.com/securityalert/4201
• https://www.exploit-db.com/exploits/6319

Github

No PoCs found on GitHub currently.