Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 23/02/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote malicious users to force the download and installation of arbitrary programs via a crafted name for a download site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nos_microsystems getplus_download_manager 1.5.2.35
adobe download_manager

CWE-20 http://blogs.zdnet.com/security/?p=5505 http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html http://www.securityfocus.com/bid/38313 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856 http://www.adobe.com/support/security/bulletins/apsb10-08.html http://secunia.com/advisories/38729 http://securitytracker.com/id?1023651 http://www.osvdb.org/62547 http://www.vupen.com/english/advisories/2010/0459 http://www.akitasecurity.nl/advisory.php?id=AK20090401 https://exchange.xforce.ibmcloud.com/vulnerabilities/56370 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0189

Vulnerability Summary

References

Vulmon Search

About

Products

Connect