CVE-2010-0189
6.8 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.029 Low
EPSS
Percentile
90.8%
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
References
aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
blogs.zdnet.com/security/?p=5505
labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
secunia.com/advisories/38729
securitytracker.com/id?1023651
www.adobe.com/support/security/bulletins/apsb10-08.html
www.akitasecurity.nl/advisory.php?id=AK20090401
www.osvdb.org/62547
www.securityfocus.com/bid/38313
www.vupen.com/english/advisories/2010/0459
exchange.xforce.ibmcloud.com/vulnerabilities/56370
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182
Related
6.8 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.029 Low
EPSS
Percentile
90.8%