Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-0189 | First vendor Publication | 2010-02-23 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0189 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7182 | |||
Oval ID: | oval:org.mitre.oval:def:7182 | ||
Title: | ActiveX control in NOS Microsystems getPlus Download Manager Vulnerability | ||
Description: | A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0189 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Download Manager |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62547 | Adobe getPlus DLM (Download Manager) on Windows getPlus Downloader Software I... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-02-25 | IAVM : 2010-B-0015 - Adobe Download Manager Vulnerability Severity : Category II - VMSKEY : V0022698 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-01 | Name : The remote Windows host has a download manager installed that is prone to an ... File : adobe_download_manager_apsb10-08.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 01:41:33 |
|
2020-05-23 00:25:08 |
|
2017-09-19 09:23:36 |
|
2017-08-17 09:22:53 |
|
2016-06-28 18:00:15 |
|
2016-04-26 19:31:09 |
|
2014-02-17 10:53:22 |
|
2013-11-11 12:38:35 |
|
2013-05-10 23:16:37 |
|