CVE-2010-0189 Information

Description

A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.

Reference

http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx
http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html
http://blogs.zdnet.com/security/?p=5505
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
http://secunia.com/advisories/38729
http://securitytracker.com/id?1023651
http://www.adobe.com/support/security/bulletins/apsb10-08.html
http://www.akitasecurity.nl/advisory.php?id=AK20090401
http://www.osvdb.org/62547
http://www.securityfocus.com/bid/38313
http://www.vupen.com/english/advisories/2010/0459
https://exchange.xforce.ibmcloud.com/vulnerabilities/56370
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7182
