CVE-2008-4749

VImpX.VImpAX ActiveX control <4.8.8.0 - RCE

Title source: llm

Description

Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6828

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46096

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31907

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6828

[Third Party Advisory] http://securityreason.com/securityalert/4509

Scores

EPSS 0.0512

EPSS Percentile 89.7%

Classification

Status draft

Affected Products (1)

db_soft_lab/vimp_x

Timeline

Published Oct 27, 2008

Tracked Since Feb 18, 2026