Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and previous versions ActiveX control allows remote malicious users to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orbitdownloader orbit downloader 2.7.5 |
||
orbitdownloader orbit downloader 2.7.3 |
||
orbitdownloader orbit downloader 2.8.5 |
||
orbitdownloader orbit downloader 2.7.9 |
||
orbitdownloader orbit downloader 2.6.4 |
||
orbitdownloader orbit downloader 2.6.3 |
||
orbitdownloader orbit downloader 2.8.3 |
||
orbitdownloader orbit downloader 2.7.7 |
||
orbitdownloader orbit downloader 2.7.6 |
||
orbit downloader orbit downloader 2.6.3 |
||
orbit downloader orbit downloader 2.6.4 |
||
orbitdownloader orbit downloader 2.8.2 |
||
orbitdownloader orbit downloader 2.8.4 |
||
orbitdownloader orbit downloader 2.6.1 |
||
orbitdownloader orbit downloader |
||
orbitdownloader orbit downloader 2.7.1 |
||
orbitdownloader orbit downloader 2.6.5 |
||
orbitdownloader orbit downloader 2.8.1 |
||
orbitdownloader orbit downloader 2.7.8 |