CVE-2008-3957

EUVD-2008-3942
The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_image_acquisition_logger
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/31069
http://www.securityfocus.com/data/vulnerabilities/exploits/31069
https://exchange.xforce.ibmcloud.com/vulnerabilities/45015
http://www.securityfocus.com/bid/31069
http://www.securityfocus.com/data/vulnerabilities/exploits/31069
https://exchange.xforce.ibmcloud.com/vulnerabilities/45015