Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1885

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1885
Last Modified 07 Mar 2011 10:08:00
Published 18 Apr 2008 11:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1885

Summary

Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Cdnetworks Download Client


References

XF - nefficientdload-neffylauncher-dir-traversal(41743)

VUPEN - ADV-2008-1186

BID - 28666

MILW0RM - 5397

SECUNIA - 29692

BUGTRAQ - 20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities


Last Updated: 27 May 2016 10:47:41