CVE-2008-1617 Information

Description

Double free vulnerability in Web TransferCtrl Class 8214 (iManFile.cab) as used in WorkSite Web 8.2 before SP1 P2 allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string then sets the string to null.

Reference

http://secunia.com/advisories/29733 http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf http://www.securityfocus.com/bid/28628 http://www.vupen.com/english/advisories/2008/1134/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41699