Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1617

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1617
Last Modified 07 Mar 2011 10:07:21
Published 08 Apr 2008 02:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1617

Summary

Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null.

Vulnerable Systems

Application

  • Interwoven Worksite Web 8.2


References

XF - worksite-webtransferctrl-code-execution(41699)

VUPEN - ADV-2008-1134

BID - 28628

MISC - http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf

SECUNIA - 29733


Last Updated: 27 May 2016 10:47:36