• IDP Daily Update #1321
  posted: 12/02/08
  
• NSM Daily Update #1321
  posted: 12/02/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1321
  posted: 12/02/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 12/02/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 12/01/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability

Severity: HIGH

Description:

Ultra Office Control is an ActiveX control that allows users to open, view, and edit Microsoft Office documents in a web browser.

Ultra Office Control is prone to a vulnerability that lets attackers overwrite files. This issue affects the 'Save()' method of the 'OfficeCtrl.ocx' ActiveX control identified by CLSID:

00989888-BB72-4e31-A7C6-5F819C24D2F7

Specifically, by using the 'SaveAsDocument' feature, attackers can overwrite arbitrary files on the affected computer.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

Affected Products:

• Ultra Shareware Ultra Office Control 2.0.2008.501

References:

• Microsoft: Microsoft Knowledge Base Article 240797
• Shinnai: Ultra Office ActiveX Control Remote Arbitrary File Corruption
• Ultra Shareware: Ultra Office Control Homepage