EUVD-2008-1618

Malware in sbrugna...

Interwoven WorkSite Web TransferCtrl Class控件双重释放漏洞

BUGTRAQ ID: 28628 CVECAN ID: CVE-2008-1617 Worksite是Interwoven发布的文档和邮件管理解决方案。 Worksite的iManFile.cab文件所安装的Web TransferCtrl Class ActiveX控件（CLSID：4BECECDE-E494-4f69-A3DE-DA0B77726307）在处理Server属性时存在双重释放漏洞。如果用户受骗访问了恶意站点的话，就可以触发这个漏洞，导致执行任意指令。 Interwoven WorkSite 8.2 Interwoven ----------...

Code injection

The Web TransferCtrl Class 8,2,1,4 iManFile.cab, as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to cause a denial of service memory consumption via a large number of SendNrlLink directives, which opens a separate window for each directive...

CVE-2008-1617

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 iManFile.cab, as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null...

Double free

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 iManFile.cab, as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null...

CVE-2008-1700

The issue concerns WorkSite Web 8.2 before SP1 P2 using the Web TransferCtrl Class (iManFile.cab). A vulnerability allows remote attackers to cause a denial of service via a large number of SendNrlLink directives, each opening a separate window and consuming memory. Affected software: WorkSite We...

CVE-2008-1617

CVE-2008-1617 describes a double-free vulnerability in Interwoven WorkSite 8.2 Web components, specifically the Web TransferCtrl Class ActiveX control (iManFile.cab). The flaw occurs in handling the Server property of the control, allowing a remote attacker to execute arbitrary code by setting th...