CVE-2008-4749

VImpX.VImpAX ActiveX control <4.8.8.0 - RCE

Title source: llm

Description

Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/6828

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46096

[Third Party Advisory] http://securityreason.com/securityalert/4509

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6828

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31907

Scores

EPSS 0.0512

EPSS Percentile 89.9%

Details

Status published

Products (1)

db_soft_lab/vimp_x 4.8.8.0

Published Oct 27, 2008

Tracked Since Feb 18, 2026