CVE-2010-0189

Sažetak

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Reference

http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
http://blogs.zdnet.com/security/?p=5505
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
http://secunia.com/advisories/38729
http://securitytracker.com/id?1023651
http://www.adobe.com/support/security/bulletins/apsb10-08.html
http://www.akitasecurity.nl/advisory.php?id=AK20090401
http://www.osvdb.org/62547
http://www.securityfocus.com/bid/38313
http://www.vupen.com/english/advisories/2010/0459
https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:30

Objavljeno

23-02-2010 - 20:30