Описание
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Комментарий
Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager."
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
EPSS
9.3 Critical
CVSS2