Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1885


Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1885
Last Modified 07 Mar 2011 10:08:00
Published 18 Apr 2008 11:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems


  • Cdnetworks Download Client


XF - nefficientdload-neffylauncher-dir-traversal(41743)

VUPEN - ADV-2008-1186

BID - 28666

MILW0RM - 5397

SECUNIA - 29692

BUGTRAQ - 20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities

Last Updated: 27 May 2016 10:47:41