MS.Digital.Image.PicturePusher.ActiveX.Arbitrary.File.Download
Description
This indicates an attack attempt to exploit an arbitrary file downloading vulnerability in Microsoft PicturePusher ActiveX control.
The vulnerability is located in the "PipPPush.DLL" ActiveX control through
misuse of the AddString() method. It may allow remote attackers to upload
arbitrary file in the target sever using the affected ActiveX control.
Affected Products
Microsoft PipPPush.dll 7.0.709
Microsoft Digital Image Suite 2006
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Disable this ActiveX Control by setting its kill bit.
http://support.microsoft.com/kb/240797
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 | |
2020-10-27 | 16.950 | Name:MS. PicturePusher. ActiveX. Control. AddString. Method. Access:MS. Digital. Image. PicturePusher. ActiveX. Arbitrary. File. Download |