Lucene search

K

Kaspersky LabKLA10042

HistoryFeb 25, 2010 - 12:00 a.m.

KLA10042 Critical vulnerability in Adobe Download Manager

2010-02-2500:00:00

Kaspersky Lab

threats.kaspersky.com

11

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.029 Low

EPSS

Percentile

90.6%

Detect date:

02/25/2010

Severity:

Critical

Description:

Improper request validation at NOS Microsystems getPlus Download Manager was found in Adobe Download Manager. Malicious users can exploit this vulnerability to bypass security and install arbitrary programs via a specially designed download site name.

Affected products:

Adobe Download Manager versions 1.6.2.60 and earlier

Solution:

Update to latest version

Original advisories:

Impacts:

SB

Related products:

Adobe Download Manager

CVE-IDS:

CVE-2010-01899.3Critical

References

www.adobe.com/support/security/bulletins/apsb12-12.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0189

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Adobe-Download-Manager/

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.029 Low

EPSS

Percentile

90.6%

Related for KLA10042

prion1 securityvulns3 seebug1 nessus1 cvelist1 cve1