Back to search
CVE-2008-1885
Published: Apr 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2008-1186
vdb-entry
x_refsource_VUPEN
29692
third-party-advisory
x_refsource_SECUNIA
20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
28666
vdb-entry
x_refsource_BID
5397
exploit
x_refsource_EXPLOIT-DB
nefficientdload-neffylauncher-dir-traversal(41743)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now