Back to search
CVE-2010-0189
Published: Feb 23, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.adobe.com/support/security/bulletins/apsb10-08.html
x_refsource_CONFIRM
1023651
vdb-entry
x_refsource_SECTRACK
38313
vdb-entry
x_refsource_BID
ADV-2010-0459
vdb-entry
x_refsource_VUPEN
http://blogs.zdnet.com/security/?p=5505
x_refsource_MISC
20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
third-party-advisory
x_refsource_IDEFENSE
http://www.akitasecurity.nl/advisory.php?id=AK20090401
x_refsource_MISC
38729
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:7182
vdb-entry
signature
x_refsource_OVAL
62547
vdb-entry
x_refsource_OSVDB
adobe-dlmanager-unspecified-file-download(56370)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now