Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1886


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1886
Last Modified 05 Nov 2008 01:37:43
Published 18 Apr 2008 11:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.

Vulnerable Systems


  • Cdnetworks Download Client


BID - 28666

MILW0RM - 5397

BUGTRAQ - 20080407 CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities

XF - nefficientdownload-keycode-security-bypass(41933)

Last Updated: 27 May 2016 10:47:41