CVE-2010-0189
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems, (también se conoce como DLM o Downloader) versión 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones que involucran sitios web que no están en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalación de programas arbitrarios por medio de un nombre especialmente diseñado para un sitio de descarga.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-06 CVE Reserved
- 2010-02-23 CVE Published
- 2024-04-12 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx | X_refsource_misc | |
| http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html | X_refsource_misc | |
| http://blogs.zdnet.com/security/?p=5505 | X_refsource_misc | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856 | Third Party Advisory | |
| http://securitytracker.com/id?1023651 | Vdb Entry | |
| http://www.akitasecurity.nl/advisory.php?id=AK20090401 | X_refsource_misc | |
| http://www.osvdb.org/62547 | Vdb Entry | |
| http://www.securityfocus.com/bid/38313 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56370 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.adobe.com/support/security/bulletins/apsb10-08.html | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/38729 | 2017-09-19 | |
| http://www.vupen.com/english/advisories/2010/0459 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nos Microsystems Search vendor "Nos Microsystems" | Getplus Download Manager Search vendor "Nos Microsystems" for product "Getplus Download Manager" | 1.5.2.35 Search vendor "Nos Microsystems" for product "Getplus Download Manager" and version "1.5.2.35" | - |
Affected
| in | Adobe Search vendor "Adobe" | Download Manager Search vendor "Adobe" for product "Download Manager" | <= 1.6.2.60 Search vendor "Adobe" for product "Download Manager" and version " <= 1.6.2.60" | - |
Affected
|