Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1886

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1886
Last Modified 05 Nov 2008 01:37:43
Published 18 Apr 2008 11:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1886

Summary

The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.

Vulnerable Systems

Application

  • Cdnetworks Download Client


References

BID - 28666

MILW0RM - 5397

BUGTRAQ - 20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities

XF - nefficientdownload-keycode-security-bypass(41933)


Last Updated: 27 May 2016 10:47:41