CVE-2010-0189

EPSS 2.47%
Veröffentlicht 23.02.2010 20:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nos Microsystems ≫ Getplus Download Manager Version1.5.2.35

Adobe ≫ Download Manager Version <= 1.6.2.60

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.47%	0.846

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx

http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html

http://blogs.zdnet.com/security/?p=5505

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856

http://secunia.com/advisories/38729

Vendor Advisory

http://securitytracker.com/id?1023651

http://www.adobe.com/support/security/bulletins/apsb10-08.html

Patch

Vendor Advisory

http://www.akitasecurity.nl/advisory.php?id=AK20090401

http://www.osvdb.org/62547